Bug#684452: CVE-2012-3447 unblock: nova/2012.1.1-6

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#684452: CVE-2012-3447 unblock: nova/2012.1.1-6
From: Thomas Goirand <zigo@debian.org>
Date: Fri, 10 Aug 2012 14:25:55 +0800
Message-id: <[🔎] 20120810062555.21593.55654.reportbug@buzig.gplhost.com>
Reply-to: Thomas Goirand <zigo@debian.org>, 684452@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock the nova package. This fixes CVE-2012-3447, which is a
file injection vulnerability in the host filesystem, using a specially
crafted guest image.

The relevant diff is available here:
http://anonscm.debian.org/gitweb/?p=openstack/nova.git;a=commitdiff;h=55e78f9cbaa1c4657a97c6b20797a94968030e75

The patch comes directly from upstream, as per the patch header (I just
applied it manually, then did dpkg-source --commit).

Note that this also includes a (needed) tweak in the configuration files
as per this commit:
http://anonscm.debian.org/gitweb/?p=openstack/nova.git;a=commitdiff;h=4cd725c5d164484a3ddb6bf95f37fb715cb51169

Also, Ubuntu folks already fixed the issue in 12.04.

Please unblock nova/2012.1.1-6 ASAP.

Cheers,

Thomas Goirand

Reply to:

Follow-Ups:
- Bug#684452: CVE-2012-3447 unblock: nova/2012.1.1-6
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Bug#684452: marked as done (CVE-2012-3447 unblock: nova/2012.1.1-6)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#684450: unblock: python-apt/0.8.7
Next by Date: Bug#684450: unblock: python-apt/0.8.7
Previous by thread: Processed: Re: Bug#684450: unblock: python-apt/0.8.7
Next by thread: Bug#684452: CVE-2012-3447 unblock: nova/2012.1.1-6
Index(es):
- Date
- Thread