Return-Path: X-Original-To: apmail-incubator-cloudstack-users-archive@minotaur.apache.org Delivered-To: apmail-incubator-cloudstack-users-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 60E399FB6 for ; Wed, 10 Oct 2012 20:06:21 +0000 (UTC) Received: (qmail 1057 invoked by uid 500); 10 Oct 2012 20:06:21 -0000 Delivered-To: apmail-incubator-cloudstack-users-archive@incubator.apache.org Received: (qmail 1036 invoked by uid 500); 10 Oct 2012 20:06:21 -0000 Mailing-List: contact cloudstack-users-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: cloudstack-users@incubator.apache.org Delivered-To: mailing list cloudstack-users@incubator.apache.org Received: (qmail 1026 invoked by uid 99); 10 Oct 2012 20:06:21 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 10 Oct 2012 20:06:21 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW X-Spam-Check-By: apache.org Received-SPF: unknown mxinclude:zoho.com~all (athena.apache.org: encountered unrecognized mechanism during SPF processing of domain of jlk@stratosec.co) Received: from [216.32.180.187] (HELO co1outboundpool.messaging.microsoft.com) (216.32.180.187) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 10 Oct 2012 20:06:15 +0000 Received: from mail153-co1-R.bigfish.com (10.243.78.235) by CO1EHSOBE005.bigfish.com (10.243.66.68) with Microsoft SMTP Server id 14.1.225.23; Wed, 10 Oct 2012 20:05:55 +0000 Received: from mail153-co1 (localhost [127.0.0.1]) by mail153-co1-R.bigfish.com (Postfix) with ESMTP id 17D368001A0 for ; Wed, 10 Oct 2012 20:05:55 +0000 (UTC) X-Forefront-Antispam-Report: CIP:157.56.244.213;KIP:(null);UIP:(null);IPV:NLI;H:CH1PRD0510HT001.namprd05.prod.outlook.com;RD:none;EFVD:NLI X-SpamScore: -10 X-BigFish: PS-10(z98bRz98dI9371Ic85dh1432Izz1d18h1202h1d1ah1d2ah1082kzz8275ch17326ah8275bh8275dh177df4hz2dh2a8h668h839hd25he5bhf0ah107ah1288h12a5h12bdh137ah139eh1441h1155h) Received: from mail153-co1 (localhost.localdomain [127.0.0.1]) by mail153-co1 (MessageSwitch) id 1349899553284756_29038; Wed, 10 Oct 2012 20:05:53 +0000 (UTC) Received: from CO1EHSMHS001.bigfish.com (unknown [10.243.78.241]) by mail153-co1.bigfish.com (Postfix) with ESMTP id 3E4D1A40059 for ; Wed, 10 Oct 2012 20:05:53 +0000 (UTC) Received: from CH1PRD0510HT001.namprd05.prod.outlook.com (157.56.244.213) by CO1EHSMHS001.bigfish.com (10.243.66.11) with Microsoft SMTP Server (TLS) id 14.1.225.23; Wed, 10 Oct 2012 20:05:49 +0000 Received: from [172.17.97.8] (199.16.140.24) by pod51010.outlook.com (10.255.150.36) with Microsoft SMTP Server (TLS) id 14.16.207.9; Wed, 10 Oct 2012 20:05:45 +0000 From: John Kinsella Content-Type: multipart/alternative; boundary="Apple-Mail=_A16AB93C-CA8C-4BD0-8BC3-E09229DAD7F4" Message-ID: MIME-Version: 1.0 (Mac OS X Mail 6.1 \(1498\)) Subject: Re: question about CVE-2012-4501 and version 3.0.2 Date: Wed, 10 Oct 2012 13:05:43 -0700 References: To: In-Reply-To: X-Mailer: Apple Mail (2.1498) X-Originating-IP: [199.16.140.24] X-OriginatorOrg: stratosec.co X-Virus-Checked: Checked by ClamAV on apache.org --Apple-Mail=_A16AB93C-CA8C-4BD0-8BC3-E09229DAD7F4 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="iso-8859-1" 3.0.2 is not an Apache release. That said, it is still vulnerable. On Oct 10, 2012, at 12:57 PM, Bryan Whitehead wrote: > As referenced here: > http://permalink.gmane.org/gmane.comp.security.bugtraq/50629 > > Does this affect the 3.0.2 release of CloudStack? I believe CloudStack > was handed off to Apache before this release. > > -Bryan > Stratosec - Secure Infrastructure as a Service o: 415.315.9385 @johnlkinsella --Apple-Mail=_A16AB93C-CA8C-4BD0-8BC3-E09229DAD7F4--