OpenStack Compute (nova)

Overview
Code
Bugs
Blueprints
Translations
Answers

Bug #1031311
Comment #9

Comment 9 for bug 1031311

Revision history for this message

Steve Beattie (sbeattie) wrote on 2012-07-31: Re: CVE-2012-3361 not fully addressed

As announcements went out for the incomplete fix (openstack OSSA-2012-008, Ubuntu USN 1501-1), MITRE will likely want a separate CVE issued for the complete fix, so that users can be assured that vendors have addressed both elements of the issue.

(As an example of how a similar issue was handled with php, see http://www.openwall.com/lists/oss-security/2012/05/09/6 ; specifically the handling of CVE-2012-2311 and CVE-2012-NEW-2, which later in the email thread was assigned as CVE-2012-2336.)