On Tue, Aug 20, 2013 at 09:12:36PM +0000, gerrit2 at review.openstack.org wrote:
>
> Hi, I'd like you to take a look at this patch for potential
> SecurityImpact.
> https://review.openstack.org/36078
>
> Log:
> commit ddc65b392bceae9840b593db542c226407af0c22
> Author: Lance Bragstad <ldbragst at us.ibm.com>
> Date: Mon Jul 1 19:49:21 2013 +0000
>
> Address security concerns in PowerVM Driver
>
> Add two methods to common.py that will help check commands
> being sent to the remote VIOS system to prevent shell injection.
>
> fixes bug 1192971
>
> [SecurityImpact]
>
> Change-Id: If5ac48c5c889034c7b0ba24d977e8f4a14137a12

Was this driver present in the Grizzly release? If so, then this fix
would merit a CVE if someone can identify a way to exploit the flawed
command checking in current code.

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|