Package: release.debian.org Severity: normal User: [email protected] Usertags: unblock
Please unblock the nova package. This fixes CVE-2012-3447, which is a file injection vulnerability in the host filesystem, using a specially crafted guest image. The relevant diff is available here: http://anonscm.debian.org/gitweb/?p=openstack/nova.git;a=commitdiff;h=55e78f9cbaa1c4657a97c6b20797a94968030e75 The patch comes directly from upstream, as per the patch header (I just applied it manually, then did dpkg-source --commit). Note that this also includes a (needed) tweak in the configuration files as per this commit: http://anonscm.debian.org/gitweb/?p=openstack/nova.git;a=commitdiff;h=4cd725c5d164484a3ddb6bf95f37fb715cb51169 Also, Ubuntu folks already fixed the issue in 12.04. Please unblock nova/2012.1.1-6 ASAP. Cheers, Thomas Goirand -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
