On Mon, Aug 06, 2012 at 09:21:07AM -0700, Gurucharan Shetty wrote: > On Fri, Aug 3, 2012 at 12:00 PM, Ben Pfaff <b...@nicira.com> wrote: > > > Debian bug #683665, Red Hat bug #845350, and CVE-2012-3449 all claim that > > ovs-pki's "incoming" directory is a security vulnerability. I do not think > > that this is the case, but I do not know of any users for this feature, so > > on balance I prefer to remove it and the ovs-pki-cgi program associated > > with it, just to be sure. > > > > CVE-2012-3449. > > Bug-report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683665 > > Bug-report: https://bugzilla.redhat.com/show_bug.cgi?id=84535 > > Reported-by: Andreas Beckmann <deb...@abeckmann.de> > > Signed-off-by: Ben Pfaff <b...@nicira.com>
> At the end of the file: > .SH "SEE ALSO" > > .BR ovs\-controller (8), > .BR ovs\-pki\-cgi (8) > > Should we remove the reference to ovs-pki-cgi? You're right. I've removed it now. > Otherwise, looks good to me. Thanks. _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
