OpenStack Compute (nova)

  1. Bug #1409142
  2. Comment #102

Comment 102 for bug 1409142

Revision history for this message
Thomas Goirand (thomas-goirand) wrote : Re: Websocket Hijacking Vulnerability in Nova VNC Server (CVE-2015-0259)

Hi. Since I already have a bug opened against the NoVNC package [1], the security team and the release team of Debian are getting nervous that this issue isn't addressed in Debian. Can I already upload the Nova package with the above patch? Does it requires the patch from NoVNC available here [2] ?

Please let me know ASAP,

Cheers,

Thomas Goirand (zigo)

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778618

[2] https://github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd