yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1889512] Re: feedback our modification and performance after modification

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Jeremy Stanley <1889512@xxxxxxxxxxxxxxxxxx>
Date: Thu, 30 Jul 2020 19:11:57 -0000
Reply-to: Bug 1889512 <1889512@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Thanks for confirming, Brian. I've ended the embargo and switched this
to public. No advisory expected, class B3 report.

** Description changed:

- This issue is being treated as a potential security risk under
- embargo. Please do not make any public mention of embargoed
- (private) security vulnerabilities before their coordinated
- publication by the OpenStack Vulnerability Management Team in the
- form of an official OpenStack Security Advisory. This includes
- discussion of the bug or associated fixes in public forums such as
- mailing lists, code review systems and bug trackers. Please also
- avoid private disclosure to other individuals not already approved
- for access to this information, and provide this same reminder to
- those who are made aware of the issue prior to publication. All
- discussion should remain confined to this private bug report, and
- any proposed fixes should be added to the bug as attachments. This
- embargo shall not extend past 2020-10-28 and will be made
- public by or on that date even if no fix is identified.
- 
  Hi, when I re-scan against a current stable branch, I find some High risk about Command Injection.
  This risk is in \glance\glance\tests\utils.py so I try to solve this risk.

** Information type changed from Private Security to Public

** Tags removed: private

** Changed in: ossa
       Status: Incomplete => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1889512

Title:
  feedback our modification and performance after modification

Status in Glance:
  New
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  Hi, when I re-scan against a current stable branch, I find some High risk about Command Injection.
  This risk is in \glance\glance\tests\utils.py so I try to solve this risk.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1889512/+subscriptions