[Bug 1664931] Re: [OSSA-2017-005] nova rebuild ignores all image properties and scheduler filters (CVE-2017-16239)

2017-11-14 Thread Tristan Cacqueray
** Summary changed: - nova rebuild ignores all image properties and scheduler filters (CVE-2017-16239) + [OSSA-2017-005] nova rebuild ignores all image properties and scheduler filters (CVE-2017-16239) ** Description changed: - This issue is being treated as a potential security risk under emb

[Bug 1449062] Re: qemu-img calls need to be restricted by ulimit (CVE-2015-5162)

2016-09-27 Thread Tristan Cacqueray
Indeed my bad, oslo-concurrency 2.6.1, 3.7.1 and 3.8.0 are all good and referenced in the upper-constraint of supported stable branches. Thus I agree we could omit that note on the advisory. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubun

[Bug 1449062] Re: qemu-img calls need to be restricted by ulimit (CVE-2015-5162)

2016-09-27 Thread Tristan Cacqueray
Jeremy, the missing bit for oslo-concurrency 3.7.1 is https://review.openstack.org/#/q/I164c4b35e1357a0f80ed7fe00a7ae8f49df92e31 and it was merged to stable branches. Fortunately it seems like all versions >= 3.8.0 are good enough to support correct resource limits, so I guess we could just mention

[Bug 1449062] Re: qemu-img calls need to be restricted by ulimit (CVE-2015-5162)

2016-09-26 Thread Tristan Cacqueray
Jeremy, the impact description looks good. Though note that the prlimit implementation before oslo.concurrency-3.8.0 doesn't support all the required resource limits, thus I would mention that oslo.concurrency>=3.8.0 is required to fix that issue.

[Bug 1449062] Re: qemu-img calls need to be restricted by ulimit (CVE-2015-5162)

2016-07-11 Thread Tristan Cacqueray
Here is a recap of all related patches, master/newton (oslo.concurrency-3.8.0):
* https://review.openstack.org/243829 oslo.concurrency prlimit (merged in 3.7.1)
* https://review.openstack.org/307813 oslo.concurrency process limit (not merged in 3.7.1)
* https://review.openstack.org/307663 nova fi

[Bug 1493303] Re: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)

2016-06-03 Thread Tristan Cacqueray
@james-page, it seems like you are the one who can change the "swift (ubuntu)" task status. Please put it back to "confirmed"...

[Bug 1493303] Re: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)

2016-01-25 Thread Tristan Cacqueray
** Changed in: ossa Status: Fix Committed => Fix Released

[Bug 1493303] Re: Swift proxy memory leak on unfinished read (CVE-2016-0738)

2016-01-20 Thread Tristan Cacqueray
** Description changed: - This issue is being treated as a potential security risk under embargo. - Please do not make any public mention of embargoed (private) security - vulnerabilities before their coordinated publication by the OpenStack - Vulnerability Management Team in the form of an offici

[Bug 832507] Re: console.log grows indefinitely

2014-09-08 Thread Tristan Cacqueray
@John Haller: Great news! Do you think the associated code could be proposed as a backport for Havana and Icehouse too?