Summer: why was a 2017 series CVE number assigned for this issue? It wasn't reported until this month.
Did you mean to assign the CVE for the earlier bug 1699573 instead? I see that https://access.redhat.com/security/cve/cve-2017-15139 mentions OSSN-0084 which was about the earlier fix for thick volumes (only fixed in the master branch of Cinder so far).
Or do we want to consider these duplicate bugs with backports to earlier branches covering thick and thin volumes alike?
Summer: why was a 2017 series CVE number assigned for this issue? It wasn't reported until this month.
Did you mean to assign the CVE for the earlier bug 1699573 instead? I see that https:/ /access. redhat. com/security/ cve/cve- 2017-15139 mentions OSSN-0084 which was about the earlier fix for thick volumes (only fixed in the master branch of Cinder so far).
Or do we want to consider these duplicate bugs with backports to earlier branches covering thick and thin volumes alike?