euca-bundle-vol, euca-bundle-image use invalid sha1sum
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
euca2ools |
Fix Released
|
Undecided
|
Unassigned | ||
euca2ools (Ubuntu) |
Fix Released
|
High
|
Unassigned |
Bug Description
Binary package hint: euca2ools
The check_image function at [1,2] has incorrect indentation.
sha_image = sha()
while 1:
if not buf:
break
sha_
return image_size, hexlify(
The result is that the above always returns the same sha1sum as 'sha1sum /dev/null', and thus all euca2ools generated manifests have the string:
<digest algorithm=
I'm not sure what the checksum is used for here, so I'm not sure if this is a security issue (I dont think so).
--
[1] http://
[2] http://
Changed in euca2ools (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → High |
affects: | eucalyptus → euca2ools |
Changed in euca2ools: | |
status: | New → Confirmed |
Changed in euca2ools: | |
status: | Confirmed → Fix Committed |
security vulnerability: | yes → no |
visibility: | private → public |
Changed in euca2ools (Ubuntu): | |
status: | Triaged → Fix Committed |
Changed in euca2ools: | |
status: | Fix Committed → Fix Released |
This issue has been fixed in upstream as revision 318.