On 05/16/2013 05:22 PM, Nico Golde wrote:
> Package: keystone
> Severity: grave
> Tags: security patch
>
> Hi,
> the following vulnerability was published for keystone.
>
> CVE-2013-2014[0]:
> | Concurrent requests with large POST body can crash the keystone process.
> | This can be used by Malicious and lead to DOS to Cloud Service Provider.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> Upstream patch: https://review.openstack.org/#/c/22661/
>
> Seems to be fixed for experimental in 2013.1-1.
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2014
>     http://security-tracker.debian.org/tracker/CVE-2013-2014

Hi,

The status of the patch you are linking to is "Abandoned", so that doesn't
seem right, upstream must have another patch.

Thomas