Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 13 Jun 2015 14:31:45 +0000
From: Jeremy Stanley <>
Subject: Re: CVE-2015-1850: OpenStack Cinder/Nova:
 Format-guessing and file disclosure in image convert

[cross-post to openstack-security ML dropped to avoid unwarranted
crosstalk on oss-security]

On 2015-06-13 13:58:42 +0100 (+0100), Dave Walker wrote:
> I see that this is being brought to oss-sec', but seemingly not via the
> OpenStack Security Group or Vulnerability Management Team.
> You said that this was raised upstream on 2015-01-27, do you have a
> Launchpad bug number or information on this discourse as to what was the
> outcome?

Since this is now public, I'm lifting the current embargo. See bug
report at for additional details.
Jeremy Stanley

Download attachment "signature.asc" of type "application/pgp-signature" (950 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ