Debian Bug report logs -
#868185
CVE-2016-4383
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 12 Jul 2017 21:57:05 UTC
Severity: important
Tags: security, upstream
Done: Thomas Goirand <zigo@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>
:
Bug#868185
; Package src:glance
.
(Wed, 12 Jul 2017 21:57:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>
.
(Wed, 12 Jul 2017 21:57:08 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: glance
Severity: important
Tags: security
Hi,
please see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4383
Cheers,
Moritz
Added tag(s) upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Sun, 23 Jul 2017 11:57:03 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>
:
Bug#868185
; Package src:glance
.
(Sun, 23 Jul 2017 22:48:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Thomas Goirand <zigo@debian.org>
:
Extra info received and forwarded to list. Copy sent to PKG OpenStack <openstack-devel@lists.alioth.debian.org>
.
(Sun, 23 Jul 2017 22:48:02 GMT) (full text, mbox, link).
Message #12 received at 868185@bugs.debian.org (full text, mbox, reply):
Hi,
Reading the comments at https://bugs.launchpad.net/glance/+bug/1593799/,
it looks like upstream :
- will never write a fix
- don't feel like it's a big problem
- only wrote an announcement
Therefore, what's the recommended course of action for Debian? Should we
also publish the upstream recommendation? Or just ignore the issue,
assuming OpenStack users are reading the upstream announcements?
Cheers,
Thomas Goirand (zigo)
Information forwarded
to debian-bugs-dist@lists.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>
:
Bug#868185
; Package src:glance
.
(Mon, 07 Aug 2017 03:33:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Mühlenhoff <jmm@inutil.org>
:
Extra info received and forwarded to list. Copy sent to PKG OpenStack <openstack-devel@lists.alioth.debian.org>
.
(Mon, 07 Aug 2017 03:33:06 GMT) (full text, mbox, link).
Message #17 received at 868185@bugs.debian.org (full text, mbox, reply):
On Mon, Jul 24, 2017 at 12:44:21AM +0200, Thomas Goirand wrote:
> Hi,
>
> Reading the comments at https://bugs.launchpad.net/glance/+bug/1593799/,
> it looks like upstream :
> - will never write a fix
> - don't feel like it's a big problem
> - only wrote an announcement
>
> Or just ignore the issue,
> assuming OpenStack users are reading the upstream announcements?
I think that's the correct course of action. I'll update the security
tracker.
Cheers,
Moritz
Reply sent
to Thomas Goirand <zigo@debian.org>
:
You have taken responsibility.
(Wed, 05 Sep 2018 21:03:03 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>
:
Bug acknowledged by developer.
(Wed, 05 Sep 2018 21:03:03 GMT) (full text, mbox, link).
Message #22 received at 868185-done@bugs.debian.org (full text, mbox, reply):
Since we decided in Debian that we wont do anything, I'm closing this
bug. Cheers,
Thomas Goirand (zigo)
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Thu, 04 Oct 2018 07:31:29 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:46:51 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.