Comment 16 for bug 1358583
Revision history for this message
| Tristan Cacqueray (tristan-cacqueray) wrote Re: List instances by IP results in DoS of nova-network | #16 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
@Michael Still, a security vulnerability requires backports to supported stable releases in order to warrant an advisory (OSSA). Since Havana entered end of life, only Icehouse is now supported.
Considering the effectiveness of this attack, I think we should work on a backport. However, since Juno release is comming really fast, we should also consider if this bug really worth an embargoed disclosure. Note that if we keep the embargo the disclosure process requires 3 business days before fixes can be submitted to gerrit.
I guess it boils to the difficulty of this rework and if someone is available to do it.