© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
MITRE has assigned CVE-2024-29156 for this bug in Murano.
kirualawliet: I have adjusted the reference to your colleague's name as requested in the bug description, OSSN publication, and submitted an update request to MITRE to adjust it in the CVE metadata they have. Note that I can't correct it in mailing list posts which have already been sent, but hopefully this is sufficient.
Avinash Hanwate: The OpenStack VMT prefers to avoid notifying downstream distribution security teams early in the discussion of suspected vulnerabilities under embargo, which is why we follow a process to request CVE assignments for our advisories directly from MITRE when we're drafting them rather than Red Hat or similar CNAs. We've also got consensus among the VMT that we don't issue advisories often enough to warrant becoming our own CNA, though we do revisit that decision from time to time. As mentioned, this isn't an official security advisory issued by the OpenStack VMT anyway, but I followed a similar CVE request process to what we normally use for the sake of consistency. Thanks for the offer of assistance though!