Bug #2860
CVE-2013-4180 - Potential DoS in HostsController
Description
HostController#power and HostController#ipmi_boot convert user input to symbol which could lead to memory exhaustion. Patch already sent, so setting Ready For Testing status.
Associated revisions
fixes #2860 - don't convert arbitrary input into symbols (CVE-2013-4180)
History
#1
Updated by Dominic Cleal over 9 years ago
- File 0001-fixes-2860-don-t-convert-arbitrary-input-into-symbol.patch 0001-fixes-2860-don-t-convert-arbitrary-input-into-symbol.patch added
- Status changed from Ready For Testing to Pending
Patch ACKed by me, pending merge with 1.2.1 release.
#2
Updated by Marek Hulán over 9 years ago
- Subject changed from Potential DoS in HostsController to CVE-2013-4180 - Potential DoS in HostsController
#3
Updated by Dominic Cleal over 9 years ago
- Target version changed from 1.2.1 to 1.2.2
#5
Updated by Dominic Cleal over 9 years ago
- Private changed from Yes to No
#6
Updated by Marek Hulán over 9 years ago
- Status changed from Pending to Closed
- % Done changed from 0 to 100
Applied in changeset d370f4aac4efab233371d243e1414f843d6dcae6.
fixes #2860 - don't convert arbitrary input into symbols (CVE-2013-4180)