Project

General

Profile

Bug #9622

CVE-2014-7203

Added by Wade Mealing over 9 years ago. Updated over 9 years ago.

Status:
Can't reproduce
Priority:
Normal
Assignee:
Category:
Backend (services)
Target version:
% Done:

0%

Source:
Community (dev)
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Crash signature (v1):
Crash signature (v2):

Description

This is the tracker bug for: https://bugzilla.redhat.com/show_bug.cgi?id=1147315

  • This doesn't seem to effect ICE 1.2 (Need confirmation)
  • This may effect ICE 1.3 (Unreleased)

Upstream commit here:
https://github.com/steamraven/libzmq/commit/0900a489213d74feb86fc0b343308fe7884a2a3c

From: http://www.inktank.com/enterprise/support/

Security Updates

Throughout the support lifecycle, qualified security issues of Critical or Important impact, as well as select mission-critical bugs, will be addressed by updated packages. For more information on how the impact of security issues is assessed, please read Issue Severity Classification on access.redhat.com. - See more at: http://www.inktank.com/enterprise/support/#sthash.9P6Uxs2W.dpuf

This issue does not fit the critical or imporant category under the current CVSS2 score, however if it can be picked up in the any spare cycles it would definitely be worth fixing.

I apologise in advance if the budge is lodged incorrectly.

History

#1 Updated by Dan Mick over 9 years ago

  • Category set to Backend (services)
  • Status changed from New to 12
  • Assignee set to Dan Mick
  • Target version set to 1.3 backlog
  • Source changed from other to Community (dev)

When zeromq3-x stabilizes upstream, we'll make sure this is in it, and get distro packages built one way or another.

#2 Updated by Dan Mick over 9 years ago

This code is not included in 3.x, so this strengthens my resolve to downgrade

#3 Updated by Dan Mick over 9 years ago

Confident these don't affect currently shipping code.

#4 Updated by Dan Mick over 9 years ago

  • Status changed from 12 to Can't reproduce

Confident this doesn't affect current code.

#5 Updated by Wade Mealing over 9 years ago

Thanks for your confirmation Dan :)

Also available in: Atom PDF