Bug#778353: pre-approval for unblock: python-oslo.utils/0.2.0-1 (fixing CVE-2014-7231)

[Mehdi Dogguy <mehdi@dogguy.org>]

Tags: confirmed

Le 2015-02-14 00:25, Thomas Goirand a écrit :
> Moritz Mühlenhoff (aka jmm) made me aware of CVE-2014-7231, which has 
> been
> fixed in the release 0.2.0 of python-oslo.utils. This version has 
> never been
> uploaded to Sid (I uploaded it to Experimental instead), as I didn't 
> want to
> risk changing anything in OpenStack Icehouse in Jessie.
>
> But since it fixes CVE-2014-7231, I'd like now to have version 0.2.0 
> replacing
> version 0.1.1 in Jessie. Indeed, the patch available here:
>
> https://review.openstack.org/gitweb?p=openstack%2Foslo.utils.git;a=commitdiff;h=e0425691d90bce0bbe847a9ff49468ce0fab5486

AFAICS, 0.2.0 looks like more or less the commit you're pointing at. 
Nevertheless,
If you feel more comfortable with uploading 0.2.0 than extracting a 
targeted patch,
then please go ahead and notify us as soon as it hits the archive.

Please adjust the changelog and gbp.conf though.

Cheers.

--
Mehdi