Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 19 Feb 2015 13:02:28 -0500
From: Tristan Cacqueray <>
Subject: Re: CVE request for vulnerability in OpenStack Glance

On 02/19/2015 12:44 PM, wrote:
>> Title: Glance import task leaks image in backend
> Is this about two separate findings, one in 2014 and one in 2015, that
> were ultimately fixed at the same time in Glance:
>   Sep 18, 2014 ... an exception is raised and is not handled ...
>   the uploaded image file stays in a storage and clogs it
>   Feb 17, 2015 ... Import task does not update the location
>   of the image ... Image data remains in backend for
>   deleted image
> ? If so, then it should have two CVE IDs.

That is correct, the former issue was indeed reported in 2014 here:


Tristan Cacqueray
OpenStack Vulnerability Management Team 

Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ