[Openstack-security] [openstack/nova] SecurityImpact review request change If5ac48c5c889034c7b0ba24d977e8f4a14137a12
Thierry Carrez
thierry at openstack.org
Wed Aug 21 18:09:35 UTC 2013
Daniel P. Berrange wrote:
> Was this driver present in the Grizzly release ? If so, then this fix
> would merit a CVE if someone can identify a way to exploit the flawed
> command checking in current code.
The use cases were analyzed in
https://bugs.launchpad.net/nova/+bug/1192971 and none of them were found
exploitable. The code is being fixed as a strengthening measure (esp.
for future calls), not as a vulnerability fix.
--
Thierry Carrez (ttx)
More information about the Openstack-security
mailing list