On 01/26/2017 10:11 PM, Salvatore Bonaccorso wrote:
> Source: python-oslo.middleware
> Version: 3.19.0-2
> Severity: grave
> Tags: security patch upstream
> Forwarded: https://launchpad.net/bugs/1628031
>
> Hi,
>
> the following vulnerability was published for python-oslo.middleware.
>
> CVE-2017-2592[0]:
> CatchErrors leaks sensitive values in oslo.middleware
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2017-2592
> [1] https://launchpad.net/bugs/1628031
>
> Regards,
> Salvatore

Hi Salvatore,

Thanks for the notification. IMO this isn't a grave issue. To be able to
read the logs, someone would need to have access to the server logs,
meaning having privileged access to the server.

I have nevertheless uploaded the upstream patch to Sid, and asked for an
unblock to the release team (with 5 days delay).

Cheers,

Thomas Goirand (zigo)