Bug#868185: CVE-2016-4383
On Mon, Jul 24, 2017 at 12:44:21AM +0200, Thomas Goirand wrote:
> Hi,
>
> Reading the comments at https://bugs.launchpad.net/glance/+bug/1593799/,
> it looks like upstream :
> - will never write a fix
> - don't feel like it's a big problem
> - only wrote an announcement
>
> Or just ignore the issue,
> assuming OpenStack users are reading the upstream announcements?

I think that's the correct course of action. I'll update the security tracker.

Cheers,
Moritz

Bug#868185: CVE-2016-4383
Hi,

Reading the comments at https://bugs.launchpad.net/glance/+bug/1593799/,
it looks like upstream :
- will never write a fix
- don't feel like it's a big problem
- only wrote an announcement

Therefore, what's the recommended course of action for Debian? Should we
also publish the upstream recommendation? Or just ignore the issue,
assuming OpenStack users are reading the upstream announcements?

Cheers,

Thomas Goirand (zigo)

Bug#868185: CVE-2016-4383
Source: glance
Severity: important
Tags: security

Hi,

please see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4383

Cheers,
Moritz