Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 536346 - <sys-cluster/swift-2.2.0: Security bypass vulnerability (CVE-2014-7960)
Summary: <sys-cluster/swift-2.2.0: Security bypass vulnerability (CVE-2014-7960)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL:
Whiteboard: ~4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-01-11 19:01 UTC by GLSAMaker/CVETool Bot
Modified: 2016-03-29 08:36 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2015-01-11 19:01:36 UTC 
CVE-2014-7960 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7960):
  OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated
  users to bypass the max_meta_count and other metadata constraints via
  multiple crafted requests which exceed the limit when combined.


Maintainer(s), please drop vulnerable versions.
Comment 1 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2015-01-13 03:25:00 UTC 
fixed (removed all but 2.2.0 and 9999).