Status of openstack-nova in EPEL

Anssi Johansson epel at miuku.net
Fri Mar 28 08:36:11 UTC 2014


A number of openstack-nova security bugs were recently closed as WONTFIX:


https://bugzilla.redhat.com/show_bug.cgi?id=956808
/var/log/nova/ is world readable

https://bugzilla.redhat.com/show_bug.cgi?id=961736
CVE-2013-2030 insecure directory creation for signing

https://bugzilla.redhat.com/show_bug.cgi?id=963728
CVE-2013-2096 fails to verify image virtual size denial of service

https://bugzilla.redhat.com/show_bug.cgi?id=994810
CVE-2013-2256 private flavors resource limit circumvention

https://bugzilla.redhat.com/show_bug.cgi?id=994817
CVE-2013-4185 network source security groups denial of service

https://bugzilla.redhat.com/show_bug.cgi?id=995173
CVE-2013-4179 XML entities DoS

https://bugzilla.redhat.com/show_bug.cgi?id=999277
CVE-2013-4261 console-log DoS

https://bugzilla.redhat.com/show_bug.cgi?id=1040789
CVE-2013-7048 insecure directory permissions in snapshots

https://bugzilla.redhat.com/show_bug.cgi?id=1057311
CVE-2013-7130 Live migration can leak root disk into ephemeral storage


The reason for WONTFIX was stated as "Openstack is not maintained in 
EPEL, newer versions of openstack for EPEL are kept in RDO".

If there are no plans to continue maintaining openstack-nova in EPEL, 
the package should be removed from EPEL.


More information about the epel-devel mailing list