Summary: | <app-admin/glance-2012.2.3: Password Disclosure (CVE-2013-0212) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/51957/ | ||
Whiteboard: | ~3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-01-30 15:52:39 UTC
Will be fixed once this is released. It is fixed in git head, so 9999 works. https://launchpad.net/glance/+milestone/2012.2.3 bug glance side https://bugs.launchpad.net/glance/+bug/1098962 2012.2.1 out of tree and 2012.2.3 in tree (along with 9999). you should be good to close methinks Thanks, Matthew. Closing noglsa for ~arch only. CVE-2013-0212 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0212): store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages. |