Summary: | app-admin/glance: Users of glance may be able to replace active image data | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Aaron Bauman (RETIRED) <bman> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED OBSOLETE | ||
Severity: | normal | CC: | idl0r, jmbsvicetto, mgorny, prometheanfire, robbat2 |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.launchpad.net/glance/+bug/1549483 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Aaron Bauman (RETIRED)
2017-02-03 11:21:10 UTC
It's been unblocked upstream.

What should I do about this, since there's no patch / fix?

This is now public.

(In reply to Matthew Thode ( prometheanfire ) from comment #1)
> What should I do about this, since there's no patch / fix?

Good question. Do you think we need to inform Gentoo users about this?

glsa wouldn't be bad, as the remediation for this is manual

(In reply to Matthew Thode ( prometheanfire ) from comment #3)
> glsa wouldn't be bad, as the remediation for this is manual

After discussing with security team we'd like to ask you to create a news item instead. A GLSA would require an "unaffected version" information we can't provide with the result that glsa-check would always mark any system with app-admin/glance as affected. A news item instead will be marked as read once shown...

(In reply to Matthew Thode ( prometheanfire ) from comment #3)
> glsa wouldn't be bad, as the remediation for this is manual

Did a news item go out for this as recommended?

(In reply to Aaron Bauman from comment #5)
> (In reply to Matthew Thode ( prometheanfire ) from comment #3)
> > glsa wouldn't be bad, as the remediation for this is manual
>
> Did a news item go out for this as recommended?

No news item.

Do we still want to address this or not?

It might just be easier to drop ocata, its EOL date is 2018-02-26

pike and queens are in tree, ocata is not, so not impacting anymore?

(In reply to Matthew Thode ( prometheanfire ) from comment #8)
> pike and queens are in tree, ocata is not, so not impacting anymore?

Seems like that, app-admin/glance is not vuln with newer versions right? If that's the case we are good to go and close this one. Thank you Matthew

correct