oss-sec mailing list archives

Re: CVE request for vulnerability in OpenStack Glance

From: cve-assign () mitre org
Date: Thu, 19 Feb 2015 12:44:36 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Title: Glance import task leaks image in backend


Is this about two separate findings, one in 2014 and one in 2015, that
were ultimately fixed at the same time in Glance:

  https://review.openstack.org/#/c/122427/
  Sep 18, 2014 ... an exception is raised and is not handled ...
  the uploaded image file stays in a storage and clogs it

  https://review.openstack.org/#/c/156553
  Feb 17, 2015 ... Import task does not update the location
  of the image ... Image data remains in backend for
  deleted image

? If so, then it should have two CVE IDs.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJU5iCbAAoJEKllVAevmvmsN9oH/ilgIGL/X5VyVLc55d4egDZs
flqTOk5e7VTA6B31iX6/O3A74SUXPNTEilzzm5wsx0+fTb9cblgRSLU69PqnC45U
U+FU0kjeiyEMN0UGYPGxC37EctrIBu/SMattJZ2Z9EpAZZ0eAai2zUvNt3/5DVSS
+6cctx7z5jsm4Qz+gXDkYhl6HJlxJ2m596NcFZWvjEMtlTFEfKMHSSvkcYJG315O
H8bvt82lZFL7df3LCsrlbdey6r/jdrLBcP0Epmv87igla211Lr21yZ/zCyJHLIpi
xdiqwNcTDLrIVH7BSUrCdsS0uDfy3q05IW/9YmN/n45qO6cB22Iy03IKo/GizIc=
=NiIp
-----END PGP SIGNATURE-----

Current thread:

CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Jan 12)
- <Possible follow-ups>
- CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Jan 16)
  - Re: CVE request for vulnerability in OpenStack Glance cve-assign (Jan 18)
- CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Feb 19)
  - Re: CVE request for vulnerability in OpenStack Glance cve-assign (Feb 19)
    - Re: CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Feb 19)
  - Re: CVE request for vulnerability in OpenStack Glance cve-assign (Feb 19)