Cloning to RDO where we ship openvswitch until it hits baseOS in RHEL 7.3 Same as Fedora, we're updating to 2.5 which is not vulnerable. +++ This bug was initially created as a clone of Bug #1321946 +++ For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. --- Additional comment from Panu Matilainen on 2016-03-29 09:04:48 EDT --- In Fedora this gets handled via update to OVS 2.5. The CVE details were not known at the time these updates were submitted, but since OVS 2.5 is not vulnerable then these suffice as the fix:
This bug is against a Version which has reached End of Life. If it's still present in supported release (http://releases.openstack.org), please update Version and reopen.