On Mon, Jul 29, 2013 at 4:01 AM, Thierry Carrez <<email address hidden>
> wrote:
> We need the grizzly backport and a CVE allocated before we move on to
> advisory publication
>
> ** Also affects: cinder/grizzly
> Importance: Undecided
> Status: New
>
> --
> You received this bug notification because you are a member of Cinder
> Bug Team, which is subscribed to Cinder.
> https://bugs.launchpad.net/bugs/1198185
>
> Title:
> delete_snapshot in LVMVolumeDriver not really zero the snapshot
>
> Status in Cinder:
> Fix Released
> Status in Cinder grizzly series:
> New
> Status in OpenStack Security Advisories:
> Triaged
>
> Bug description:
> the delete action process:
> delete_snapshot(self, snapshot) -> self._delete_volume(snapshot,
> snapshot['volume_size']) -> self.clear_volume(volume)
>
> def clear_volume(self, volume):
> """unprovision old volumes to prevent data leaking between
> users."""
>
> vol_path = self.local_path(volume)
> size_in_g = volume.get('size')
> size_in_m = self.configuration.volume_clear_size
>
> if not size_in_g:
> LOG.warning(_("Size for volume: %s not found, "
> "skipping secure delete.") % volume['name'])
> return
> ....
> ....
>
>
> Because snapshot without 'size' field, so it will skip secure delete.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/cinder/+bug/1198185/+subscriptions
>
Do it as soon as I get to the office
On Mon, Jul 29, 2013 at 4:01 AM, Thierry Carrez <<email address hidden>
> wrote:
> We need the grizzly backport and a CVE allocated before we move on to /bugs.launchpad .net/bugs/ 1198185 snapshot( self, snapshot) -> self._delete_ volume( snapshot, 'volume_ size']) -> self.clear_ volume( volume) path(volume) ion.volume_ clear_size /bugs.launchpad .net/cinder/ +bug/1198185/ +subscriptions
> advisory publication
>
> ** Also affects: cinder/grizzly
> Importance: Undecided
> Status: New
>
> --
> You received this bug notification because you are a member of Cinder
> Bug Team, which is subscribed to Cinder.
> https:/
>
> Title:
> delete_snapshot in LVMVolumeDriver not really zero the snapshot
>
> Status in Cinder:
> Fix Released
> Status in Cinder grizzly series:
> New
> Status in OpenStack Security Advisories:
> Triaged
>
> Bug description:
> the delete action process:
> delete_
> snapshot[
>
> def clear_volume(self, volume):
> """unprovision old volumes to prevent data leaking between
> users."""
>
> vol_path = self.local_
> size_in_g = volume.get('size')
> size_in_m = self.configurat
>
> if not size_in_g:
> LOG.warning(_("Size for volume: %s not found, "
> "skipping secure delete.") % volume['name'])
> return
> ....
> ....
>
>
> Because snapshot without 'size' field, so it will skip secure delete.
>
> To manage notifications about this bug go to:
> https:/
>