Tags: confirmed
Le 2015-02-14 00:25, Thomas Goirand a écrit :
Moritz Mühlenhoff (aka jmm) made me aware of CVE-2014-7231, which has
been
fixed in the release 0.2.0 of python-oslo.utils. This version has
never been
uploaded to Sid (I uploaded it to Experimental instead), as I didn't
want to
risk changing anything in OpenStack Icehouse in Jessie.
But since it fixes CVE-2014-7231, I'd like now to have version 0.2.0
replacing
version 0.1.1 in Jessie. Indeed, the patch available here:
https://review.openstack.org/gitweb?p=openstack%2Foslo.utils.git;a=commitdiff;h=e0425691d90bce0bbe847a9ff49468ce0fab5486
AFAICS, 0.2.0 looks like more or less the commit you're pointing at.
Nevertheless,
If you feel more comfortable with uploading 0.2.0 than extracting a
targeted patch,
then please go ahead and notify us as soon as it hits the archive.
Please adjust the changelog and gbp.conf though.
Cheers.
--
Mehdi
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: https://lists.debian.org/[email protected]
