<html>

  <head>

    <meta content="text/html; charset=windows-1252"

      http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    Minwoo,<br>

    <br>

    The cherry-picks for the contain-updater and object-updater back to

    stable/juno are now available for review: 

    <a class="moz-txt-link-freetext" href="https://review.openstack.org/146211">https://review.openstack.org/146211</a> and

    <a class="moz-txt-link-freetext" href="https://review.openstack.org/134082">https://review.openstack.org/134082</a><br>

    <br>

    Jay<br>

    <br>

    <div class="moz-cite-prefix">On 01/08/2015 09:21 AM, Minwoo Bae

      wrote:<br>

    </div>

    <blockquote

cite="mid:OFF5F62607.334812B3-ON87257DC7.00540C83-86257DC7.00546A55@us.ibm.com"

      type="cite"><font face="sans-serif" size="2">Hi, to whom it may

        concern:</font>

      <br>

      <br>

      <br>

      <font face="sans-serif" size="2">Jay Bryant and I would like to

        have

        the fixes for the Swift object-updater (</font><a

        moz-do-not-send="true"

        href="https://review.openstack.org/#/c/125746/"><font

          color="blue" face="sans-serif" size="2">https://review.openstack.org/#/c/125746/</font></a><font

        face="sans-serif" size="2">)

        and the Swift container-updater (</font><a

        moz-do-not-send="true"

href="https://review.openstack.org/#/q/I7eed122bf6b663e6e7894ace136b6f4653db4985,n,z"><font

          color="blue" face="sans-serif" size="2">https://review.openstack.org/#/q/I7eed122bf6b663e6e7894ace136b6f4653db4985,n,z</font></a><font

        face="sans-serif" size="2">)

        backported to Juno and then to Icehouse soon if possible. It's

        been in

        the queue for a while now, so we were wondering if we could have

        an estimated

        time for delivery? </font>

      <br>

      <br>

      <font face="sans-serif" size="2">Icehouse is in security-only

        mode, but

        the container-updater issue may potentially be used as a

        fork-bomb, which

        presents security concerns. To further justify the fix, a

        problem of similar

        nature </font><a moz-do-not-send="true"

        href="https://review.openstack.org/#/c/126371/"><font

          color="blue" face="sans-serif" size="2">https://review.openstack.org/#/c/126371/</font></a><font

        face="sans-serif" size="2">

        (regarding the object-auditor) was successfully fixed in

        stable/icehouse.

      </font>

      <br>

      <br>

      <font face="sans-serif" size="2">The object-updater issue may

        potentially

        have some security implications as well. </font>

      <br>

      <br>

      <br>

      <font face="sans-serif" size="2">Thank you very much! </font>

      <br>

      <br>

      <font face="sans-serif" size="2">Minwoo</font>

      <br>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

OpenStack-dev mailing list

<a class="moz-txt-link-abbreviated" href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a>

<a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>

</pre>

    </blockquote>

    <br>

  </body>

</html>