Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock the nova package. This fixes CVE-2012-3447, which is a file injection vulnerability in the host filesystem, using a specially crafted guest image. The relevant diff is available here: http://anonscm.debian.org/gitweb/?p=openstack/nova.git;a=commitdiff;h=55e78f9cbaa1c4657a97c6b20797a94968030e75 The patch comes directly from upstream, as per the patch header (I just applied it manually, then did dpkg-source --commit). Note that this also includes a (needed) tweak in the configuration files as per this commit: http://anonscm.debian.org/gitweb/?p=openstack/nova.git;a=commitdiff;h=4cd725c5d164484a3ddb6bf95f37fb715cb51169 Also, Ubuntu folks already fixed the issue in 12.04. Please unblock nova/2012.1.1-6 ASAP. Cheers, Thomas Goirand -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
