From ${URL} : Jaroslav Henner (jhenner@redhat.com) reports: When console-log is run often enough, it seems to be causing death of nova-compute. @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Proposed patch upstream: https://review.openstack.org/#/c/43303/
oh, fixed in cvs, removing myself from cc
12 Sep 2013; Matthew Thode <prometheanfire@gentoo.org> +files/2012.2.4-CVE-2013-4278.patch, +files/2013.1.3-CVE-2013-4278.patch, +nova-2012.2.4-r8.ebuild, +nova-2013.1.3-r5.ebuild, -nova-2012.2.4-r7.ebuild, -nova-2013.1.3-r4.ebuild: fix for CVE-2013-4278 for bug 482144 Package was never stable, closing as noglsa
CVE-2013-4261 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4261): OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log.
