On 02/12/2013 12:11 AM, Thierry Carrez wrote: > Dolph Mathews wrote: >> Dan Prince also wrote a more specific fix for the same issue and >> backported it to essex here: >> https://bugs.launchpad.net/keystone/+bug/1098307 > > Indeed, we didn't backport the size-limiting middleware because we don't > backport new features as part of security vulnerability fixes (following > what distributions security teams accept). > > As mentioned in the advisory, the fix for CVE-2013-0270 in Essex is here: > https://review.openstack.org/#/c/21216/
I'm quite confused now. We have CVE-2013-0247 and CVE-2013-0270. Aren't these the same problem? Patches are conflicting and doing approximately the same in different ways. Thomas -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
