oss-sec mailing list archives
Re: CVE request for vulnerability in OpenStack Glance
From: Tristan Cacqueray <tristan.cacqueray () enovance com>
Date: Thu, 19 Feb 2015 13:02:28 -0500
On 02/19/2015 12:44 PM, cve-assign () mitre org wrote:
Title: Glance import task leaks image in backendIs this about two separate findings, one in 2014 and one in 2015, that were ultimately fixed at the same time in Glance: https://review.openstack.org/#/c/122427/ Sep 18, 2014 ... an exception is raised and is not handled ... the uploaded image file stays in a storage and clogs it https://review.openstack.org/#/c/156553 Feb 17, 2015 ... Import task does not update the location of the image ... Image data remains in backend for deleted image ? If so, then it should have two CVE IDs.
That is correct, the former issue was indeed reported in 2014 here: https://launchpad.net/bugs/1371118 Thanks, -- Tristan Cacqueray OpenStack Vulnerability Management Team
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Jan 12)
- <Possible follow-ups>
- CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Jan 16)
- Re: CVE request for vulnerability in OpenStack Glance cve-assign (Jan 18)
- CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Feb 19)
- Re: CVE request for vulnerability in OpenStack Glance cve-assign (Feb 19)
- Re: CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Feb 19)
- Re: CVE request for vulnerability in OpenStack Glance cve-assign (Feb 19)
- Re: CVE request for vulnerability in OpenStack Glance cve-assign (Feb 19)