Date: Wed, 17 Jun 2015 06:43:00 -0700 From: Tristan Cacqueray <tdecacqu@...hat.com> To: Salvatore Bonaccorso <carnil@...ian.org>, oss-security@...ts.openwall.com Subject: Re: [OSSA 2015-011] Cinder host file disclosure through qcow2 backing file (CVE-2015-1851) Hi Salvatore, On 06/16/2015 09:33 PM, Salvatore Bonaccorso wrote: > Could you clearify if this CVE assignment is correct? OSSA 2015-011 assigned the wrong CVE and it should have included CVE-2015-1851 instead. An ERRATA will be issued soon. > I noticed that Red Hat Bugzilla has > https://bugzilla.redhat.com/show_bug.cgi?id=1231816 (CVE-2015-1850) > for the nova issue and similarly > https://bugzilla.redhat.com/show_bug.cgi?id=1231817 (CVE-2015-1851) > for the cinder issue. Is this correct? > This is correct. Note that while a CVE has been assigned for the Nova part, the bug has still not been reproduced there, and while there is no patch, Nova has been left out of this OSSA. > Regards and thanks in advance, > Salvatore Thanks for bringing that up! -- Tristan Cacqueray OpenStack Vulnerability Management Team [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ