Date: Sat, 13 Jun 2015 14:31:45 +0000 From: Jeremy Stanley <jeremy@...nstack.org> To: oss-security@...ts.openwall.com Subject: Re: CVE-2015-1850: OpenStack Cinder/Nova: Format-guessing and file disclosure in image convert [cross-post to openstack-security ML dropped to avoid unwarranted crosstalk on oss-security] On 2015-06-13 13:58:42 +0100 (+0100), Dave Walker wrote: > I see that this is being brought to oss-sec', but seemingly not via the > OpenStack Security Group or Vulnerability Management Team. [...] > You said that this was raised upstream on 2015-01-27, do you have a > Launchpad bug number or information on this discourse as to what was the > outcome? Since this is now public, I'm lifting the current embargo. See bug report at https://launchpad.net/bugs/1415087 for additional details. -- Jeremy Stanley Download attachment "signature.asc" of type "application/pgp-signature" (950 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ