On Thu, Dec 13, 2012 at 04:34:38PM +0800, Thomas Goirand wrote:
> On 12/13/2012 03:37 PM, Moritz Muehlenhoff wrote:
> > Package: nova
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> >
> > Please see http://seclists.org/oss-sec/2012/q4/435
> >
> > Cheers,
> > Moritz
>
> Hi Moritz,
>
> Thanks for opening this bug entry! I do appreciate (a lot) your
> commitment to the security in Debian and tracking all issues.
>
> However, this CVE is present only in Openstack Folsom, as described in
> the Affects: field of this link. Debian Wheezy/SID has Openstack Essex.
> Therefor, Debian isn't affected by this problem, and I'm closing this bug.
>
> Also, I am receiving security alerts for Openstack directly from the
> release manager (eg: ttx), and most of the time, one week in advance, if
> the bug/security-fix can be embargoed. You can assume I am aware of it
> (though reminding me is a good idea).
>
> Note that I'm about to upload Folsom in Experimental (it's ready on
> Alioth, I'm only waiting for FTP masters to approve openstack-pkg-tools
> which all packages now build-depends on).
Thanks! I don't use OpenStack and I have no idea what these codenames mean.
If you're notified of an OpenStack issue in the future, which doesn't affect
the Debian version, please ping me on IRC or send a mail to
t...@security.debian.org so that we can update the Debian Security Tracker.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
