Comment 12 for bug 1732976

Revision history for this message
Matt Riedemann (mriedem) wrote : Re: Potential DoS by rebuilding the same instance with a new image multiple times

From the issues outlined in comment 10:

1. Fixes a regression introduced by the fix for CVE-2017-16239 which was released. So I guess that's an errata on CVE-2017-16239.

2. Fixes *this* bug 1732976 which is a new CVE introduced by the fix for CVE-2017-16239 which was released, so yes I guess it's a new CVE.

3. Is the same as #1 (regression introduced by the fix for CVE-2017-16239). That's tracked under bug 1732947.

--

Given this, can the nova team move forward with reviewing and backporting the fixes for #1 and #3 while a new OSSA/CVE is created for #2?