oss-sec mailing list archives
Re: CVE request for vulnerability in OpenStack Glance
From: cve-assign () mitre org
Date: Thu, 19 Feb 2015 12:44:36 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Title: Glance import task leaks image in backend
Is this about two separate findings, one in 2014 and one in 2015, that were ultimately fixed at the same time in Glance: https://review.openstack.org/#/c/122427/ Sep 18, 2014 ... an exception is raised and is not handled ... the uploaded image file stays in a storage and clogs it https://review.openstack.org/#/c/156553 Feb 17, 2015 ... Import task does not update the location of the image ... Image data remains in backend for deleted image ? If so, then it should have two CVE IDs. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJU5iCbAAoJEKllVAevmvmsN9oH/ilgIGL/X5VyVLc55d4egDZs flqTOk5e7VTA6B31iX6/O3A74SUXPNTEilzzm5wsx0+fTb9cblgRSLU69PqnC45U U+FU0kjeiyEMN0UGYPGxC37EctrIBu/SMattJZ2Z9EpAZZ0eAai2zUvNt3/5DVSS +6cctx7z5jsm4Qz+gXDkYhl6HJlxJ2m596NcFZWvjEMtlTFEfKMHSSvkcYJG315O H8bvt82lZFL7df3LCsrlbdey6r/jdrLBcP0Epmv87igla211Lr21yZ/zCyJHLIpi xdiqwNcTDLrIVH7BSUrCdsS0uDfy3q05IW/9YmN/n45qO6cB22Iy03IKo/GizIc= =NiIp -----END PGP SIGNATURE-----
Current thread:
- CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Jan 12)
- <Possible follow-ups>
- CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Jan 16)
- Re: CVE request for vulnerability in OpenStack Glance cve-assign (Jan 18)
- CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Feb 19)
- Re: CVE request for vulnerability in OpenStack Glance cve-assign (Feb 19)
- Re: CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Feb 19)
- Re: CVE request for vulnerability in OpenStack Glance cve-assign (Feb 19)
- Re: CVE request for vulnerability in OpenStack Glance cve-assign (Feb 19)