Thomas Goirand wrote: > I was wondering if you could help me here. I'm worried about this new > bug in Debian: > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708515
The CVE and bug are lacking a bit of information, but it really looks like a duplicate of Debian bug 700240 (CVE-2013-0270): large POST requests consuming server memory/CPU. Both would be mitigated by a request-limiting front-end (for Folsom and before) or the sizelimit middleware (for Grizzly and after), which were suggested as workarounds for CVE-2013-0270 already. > Already CVE-2013-0247 and CVE-2013-0270 were duplicates. Is it possible > that CVE-2013-2014 is also a duplicate of the same issue? CVE-2013-0247 is not a duplicate of CVE-2013-0270. CVE-2013-0270: Large POST consuming memory/CPU CVE-2013-0247: Malicious POST to /tokens consuming disk space Hope this helps, -- Thierry Carrez (ttx) OpenStack Vulnerability Management Team -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
