Bug#883621: [PKG-Openstack-devel] Bug#883621: CVE-2017-17051 not fixed?
Hi Thomas,

On Thu, Dec 07, 2017 at 09:45:01AM +0100, Thomas Goirand wrote:
> On 12/06/2017 09:34 PM, Salvatore Bonaccorso wrote:
> > Hi Thomas,
> >
> > CVE-2017-17051 was not fixed afaics, only the regression which was
> > introduced by OSSA-2017-005.
> >
> > See http://www.openwall.com/lists/oss-security/2017/12/05/5 for
> > CVE-2017-17051.
> >
> > Could you relook?
> >
> > Regards,
> > Salvatore
>
> Hi Salvatore,
>
> Indeed, I misunderstood how upstream fixed the problem, and failed to
> see that there was 2 patches, the announces were indeed a bit confusing.
> Thanks a lot for finding this out, and ensuring that I did the proper
> fix. I'll try to push upstream to make a new release of Nova, so that
> we've got better assurance all issues are addressed.
>
> I've already applied upstream patch, the package is building, and I will
> upload it shortly to Sid.

Thank you! I have updated the security-tracker recording the fixed
version.

Regards,
Salvatore
Bug#883621: [PKG-Openstack-devel] Bug#883621: CVE-2017-17051 not fixed?
On 12/06/2017 09:34 PM, Salvatore Bonaccorso wrote:
> Hi Thomas,
>
> CVE-2017-17051 was not fixed afaics, only the regression which was
> introduced by OSSA-2017-005.
>
> See http://www.openwall.com/lists/oss-security/2017/12/05/5 for
> CVE-2017-17051.
>
> Could you relook?
>
> Regards,
> Salvatore

Hi Salvatore,

Indeed, I misunderstood how upstream fixed the problem, and failed to
see that there was 2 patches, the announces were indeed a bit confusing.
Thanks a lot for finding this out, and ensuring that I did the proper
fix. I'll try to push upstream to make a new release of Nova, so that
we've got better assurance all issues are addressed.

I've already applied upstream patch, the package is building, and I will
upload it shortly to Sid.

Cheers,

Thomas Goirand (zigo)
Bug#883621: CVE-2017-17051 not fixed?
Control: reopen -1
Control: found -1 2:16.0.3-1
Control: forwarded -1 https://launchpad.net/bugs/1732976

Hi Thomas,

CVE-2017-17051 was not fixed afaics, only the regression which was
introduced by OSSA-2017-005.

See http://www.openwall.com/lists/oss-security/2017/12/05/5 for
CVE-2017-17051.

Could you relook?

Regards,
Salvatore
Processed: Bug#883621 CVE-2017-17051 not fixed?
Processing control commands:

> reopen -1
Bug #883621 {Done: Thomas Goirand} [src:nova] nova: CVE-2017-17051: Nova FilterScheduler doubles resource allocations during rebuild with new image
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
No longer marked as fixed in versions nova/2:16.0.3-5.
> found -1 2:16.0.3-1
Bug #883621 [src:nova] nova: CVE-2017-17051: Nova FilterScheduler doubles resource allocations during rebuild with new image
Ignoring request to alter found versions of bug #883621 to the same values previously set
> forwarded -1 https://launchpad.net/bugs/1732976
Bug #883621 [src:nova] nova: CVE-2017-17051: Nova FilterScheduler doubles resource allocations during rebuild with new image
Ignoring request to change the forwarded-to-address of bug#883621 to the same value

--
883621: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883621
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems