Bug#684452: CVE-2012-3447 unblock: nova/2012.1.1-6
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock the nova package. This fixes CVE-2012-3447, which is a
file injection vulnerability in the host filesystem, using a specially
crafted guest image.
The relevant diff is available here:
http://anonscm.debian.org/gitweb/?p=openstack/nova.git;a=commitdiff;h=55e78f9cbaa1c4657a97c6b20797a94968030e75
The patch comes directly from upstream, as per the patch header (I just
applied it manually, then did dpkg-source --commit).
Note that this also includes a (needed) tweak in the configuration files
as per this commit:
http://anonscm.debian.org/gitweb/?p=openstack/nova.git;a=commitdiff;h=4cd725c5d164484a3ddb6bf95f37fb715cb51169
Also, Ubuntu folks already fixed the issue in 12.04.
Please unblock nova/2012.1.1-6 ASAP.
Cheers,
Thomas Goirand
Reply to: