Bug#708515: Bug #708515 in Debian
Thomas Goirand wrote:
> I was wondering if you could help me here. I'm worried about this new
> bug in Debian:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708515

The CVE and bug are lacking a bit of information, but it really looks like a duplicate of Debian bug 700240 (CVE-2013-0270): large POST requests consuming server memory/CPU.

Both would be mitigated by a request-limiting front-end (for Folsom and before) or the sizelimit middleware (for Grizzly and after), which were suggested as workarounds for CVE-2013-0270 already.

> Already CVE-2013-0247 and CVE-2013-0270 were duplicates. Is it possible
> that CVE-2013-2014 is also a duplicate of the same issue?

CVE-2013-0247 is not a duplicate of CVE-2013-0270.

CVE-2013-0270: Large POST consuming memory/CPU
CVE-2013-0247: Malicious POST to /tokens consuming disk space

Hope this helps,

--
Thierry Carrez (ttx)
OpenStack Vulnerability Management Team

--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
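The request-size limiting named as a workaround in the reply above, sketched as a generic WSGI middleware. This is an added example, not Keystone's sizelimit middleware and not code from this thread; the class names, the 112 KiB default and the demo app are assumptions.

```python
import io
import sys

class BodyTooLarge(Exception):
    """Raised when a request body exceeds the configured limit."""

class LimitedReader:
    """Wraps wsgi.input; only read() is covered in this sketch."""
    def __init__(self, stream, limit):
        self.stream, self.limit, self.seen = stream, limit, 0

    def read(self, size=-1):
        budget = self.limit + 1 - self.seen  # never buffer past limit + 1 bytes
        size = budget if size is None or size < 0 else min(size, budget)
        data = self.stream.read(size)
        self.seen += len(data)
        if self.seen > self.limit:
            raise BodyTooLarge()
        return data

class RequestSizeLimit:
    """Refuses oversized request bodies before the wrapped app parses them."""
    def __init__(self, app, limit=112 * 1024):  # assumed default, not from the thread
        self.app, self.limit = app, limit

    def __call__(self, environ, start_response):
        declared = environ.get("CONTENT_LENGTH") or "0"
        if not (declared.isascii() and declared.isdigit()):
            return self._reject(start_response, "400 Bad Request")
        if len(declared) > 12 or int(declared) > self.limit:  # cheap header check
            return self._reject(start_response, "413 Request Entity Too Large")
        # The header may be absent or understated, so the actual reads are capped too.
        environ["wsgi.input"] = LimitedReader(environ["wsgi.input"], self.limit)
        try:
            return self.app(environ, start_response)  # assumes the app reads the body eagerly
        except BodyTooLarge:
            return self._reject(start_response, "413 Request Entity Too Large", sys.exc_info())

    @staticmethod
    def _reject(start_response, status, exc_info=None):
        start_response(status, [("Content-Length", "0")], exc_info)
        return [b""]

def demo_status(body, declared=None, limit=1024):
    """Sends a constructed POST to a hypothetical app that reads the whole body."""
    def app(environ, start_response):
        environ["wsgi.input"].read()
        start_response("200 OK", [("Content-Length", "0")])
        return [b""]
    environ = {"REQUEST_METHOD": "POST", "wsgi.input": io.BytesIO(body), "CONTENT_LENGTH": declared or ""}
    seen = []
    RequestSizeLimit(app, limit)(environ, lambda status, headers, exc=None: seen.append(status))
    return seen[-1]
```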
Bug#708515: Bug #708515 in Debian
Hi Thierry,

I was wondering if you could help me here. I'm worried about this new bug in Debian:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708515

I tried applying the patch, though it was already applied in the Sid version of keystone. But also, there is this issue which I already addressed:
bugs.debian.org/cgi-bin/bugreport.cgi?bug=700240

Already CVE-2013-0247 and CVE-2013-0270 were duplicates. Is it possible that CVE-2013-2014 is also a duplicate of the same issue?

Please let me know your thoughts, as I really would like to close this bug.

Thanks in advance,

Thomas Goirand (zigo)