[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#778353: pre-approval for unblock: python-oslo.utils/0.2.0-1 (fixing CVE-2014-7231)

On 02/17/2015 10:21 AM, Mehdi Dogguy wrote:
> Tags: confirmed
> 
> Le 2015-02-14 00:25, Thomas Goirand a écrit :
>> Moritz Mühlenhoff (aka jmm) made me aware of CVE-2014-7231, which has
>> been
>> fixed in the release 0.2.0 of python-oslo.utils. This version has
>> never been
>> uploaded to Sid (I uploaded it to Experimental instead), as I didn't
>> want to
>> risk changing anything in OpenStack Icehouse in Jessie.
>>
>> But since it fixes CVE-2014-7231, I'd like now to have version 0.2.0
>> replacing
>> version 0.1.1 in Jessie. Indeed, the patch available here:
>>
>> https://review.openstack.org/gitweb?p=openstack%2Foslo.utils.git;a=commitdiff;h=e0425691d90bce0bbe847a9ff49468ce0fab5486
>>
>>
> 
> AFAICS, 0.2.0 looks like more or less the commit you're pointing at.
> Nevertheless,
> If you feel more comfortable with uploading 0.2.0 than extracting a
> targeted patch,
> then please go ahead and notify us as soon as it hits the archive.
> 
> Please adjust the changelog and gbp.conf though.
> 
> Cheers.

Hi Mehdi,

Thanks for your reply.

Uploaded, retitling the unblock bug accordingly.

Cheers,

Thomas Goirand (zigo)
Reply to: