Correct, we consider that latter case a "security hardening opportunity"
and I'm triaging this report as one now (class D in our taxonomy
https://security.openstack.org/vmt-process.html#incident-report-taxonomy
). Depending on severity and available time from editors in the Security
Team, these
It looks like bug 1514396 has been opened for the same issue in the V1
API.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to python-cinderclient in Ubuntu.
https://bugs.launchpad.net/bugs/1422046
Title:
cinder backup-list is always
Sounds like we're agreed that this report concerns a serious bug with
security implications (insofar as any means of accidentally destroying
your environment is), but is not an exploitable vulnerability, does not
need a CVE assignment requested by the VMT and won't lead to any
official security
While I agree there is a non-negligible risk presented by this behavior,
I don't see how a malicious actor could use this flaw to their
advantage. As such, it doesn't seem like something for which the
OpenStack Vulnerability Management Team would issue an official security
advisory.
--
You
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
** Also affects: ossa
It's now (UTC) Thursday.
** Changed in: ossa
Status: Incomplete => Won't Fix
** Tags added: security
** Information type changed from Public Security to Public
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
Agreed, this is class C2 (a vulnerability in some dependency, not in
OpenStack code, and so nothing we're going to fix with a patch to
OpenStack security supported projects nor anything for which we should
issue a security advisory). If there are no disagreements, I'll switch
this to a regular
** Changed in: ossa
Assignee: hzxiongwenwu (xwwzzy) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/832507
Title:
console.log grows indefinitely
To manage
** Also affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openvswitch in Ubuntu.
https://bugs.launchpad.net/bugs/1379201
Title:
openvswitch-datapath-dkms
Seems there's consensus that this is not an exploitable vulnerability.
Also, the bug was originally, even if only very briefly, public when it
was first opened (thus broader exposure has already compromised any
effective embargo).
** Changed in: ossa
Status: Incomplete => Invalid
**