On 11/03/2013 10:27 PM, Salvatore Bonaccorso wrote: > Package: nova > Severity: important > Tags: security upstream patch > > Hi, > > the following vulnerabilities were published for nova. > > CVE-2013-4463[0]: > Compressed disk image DoS > > CVE-2013-4469[1]: > Denial of Service (Incomplete fix for CVE-2013-2096) > > Red Hat Bugzillla provides patches for both CVE's at [2] (note the CVE > split, but the patches are found in [2]). > > If you fix the vulnerabilities please also make sure to include the > CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. > > For further information see: > > [0] http://security-tracker.debian.org/tracker/CVE-2013-4463 > [1] http://security-tracker.debian.org/tracker/CVE-2013-4469 > [2] https://bugzilla.redhat.com/show_bug.cgi?id=1023239 > [3] https://bugzilla.redhat.com/show_bug.cgi?id=1023581 > > Please adjust the affected versions in the BTS as needed. > > Regards, > Salvatore
This one has been fixed in Sid, please update the tracker. I'll work on backporting the fix to Stable. Thomas -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

