On Mon, Dec 02, 2024 at 08:12:21AM +0100, Thomas Goirand wrote:
> On 12/1/24 17:31, Moritz Mühlenhoff wrote:
> > Source: neutron
> > X-Debbugs-CC: t...@security.debian.org
> > Severity: important
> > Tags: security
> >
> > Hi,
> >
> > The following vulnerability was published for neutron.
> >
> > CVE-2024-53916[0]:
> > | In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py
> > | can use an incorrect ID during policy enforcement. NOTE: 935883 has
> > | the "Work in Progress" status as of 2024-11-24.
> >
> > https://review.opendev.org/c/openstack/neutron/+/935883
> >
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> > For further information see:
> >
> > [0] https://security-tracker.debian.org/tracker/CVE-2024-53916
> >     https://www.cve.org/CVERecord?id=CVE-2024-53916
> >
> > Please adjust the affected versions in the BTS as needed.
>
> Hi Moritz,
>
> Since the patch that introduced the bug was merged on Oct 19, 2023, Neutron
> was never affected in any stable release of Debian. Please update the
> security tracker accordingly.

Ack, I've just updated the Security Tracker and added
https://opendev.org/openstack/neutron/commit/f9b91289a5c2948429e69e1b58098cec846fba99
as the introducing commit.

Cheers,
Moritz