[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#778353: pre-approval for unblock: python-oslo.utils/0.2.0-1 (fixing CVE-2014-7231)



Tags: confirmed

Le 2015-02-14 00:25, Thomas Goirand a écrit :
Moritz Mühlenhoff (aka jmm) made me aware of CVE-2014-7231, which has been fixed in the release 0.2.0 of python-oslo.utils. This version has never been uploaded to Sid (I uploaded it to Experimental instead), as I didn't want to
risk changing anything in OpenStack Icehouse in Jessie.

But since it fixes CVE-2014-7231, I'd like now to have version 0.2.0 replacing
version 0.1.1 in Jessie. Indeed, the patch available here:

https://review.openstack.org/gitweb?p=openstack%2Foslo.utils.git;a=commitdiff;h=e0425691d90bce0bbe847a9ff49468ce0fab5486


AFAICS, 0.2.0 looks like more or less the commit you're pointing at. Nevertheless, If you feel more comfortable with uploading 0.2.0 than extracting a targeted patch,
then please go ahead and notify us as soon as it hits the archive.

Please adjust the changelog and gbp.conf though.

Cheers.

--
Mehdi


Reply to: