@Peter, please compare your work against that which Mike proposed.
@Thierry, yes, we should roll a 1.9.1 with this patch when it lands.
I'd update the CVE description to the following (I'm sure it could be improved):
Peter Portante at Red Hat, Inc. reported a vulnerability in Swift. By issuing requests with an old X-Timestamp value, an authenticated attacker can fill an object server with superfluous object tombstones, which may significantly slow down subsequent requests to that object server, facilitating a Denial of Service attack against Swift clusters. The patch prevents this behavior by rejecting requests that would add older objects on disk.
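
The check named in the last sentence of the proposed description, as an added example that is not part of the comment above and is not Swift's patch. It is a simplified in-memory model: the `<timestamp>.data` / `<timestamp>.ts` naming, the 400/409/204 status codes, and all function names are assumptions made for illustration.

```python
import math

# Constructed model for illustration; not Swift's code.
# Assumed layout: one directory per object holding "<timestamp>.data" (object)
# and "<timestamp>.ts" (tombstone) entries, timestamps zero-padded to fixed width.

def normalize(x_timestamp):
    """Render an X-Timestamp header value as a fixed-width, sortable string."""
    value = float(x_timestamp)            # ValueError/TypeError on junk input
    if not math.isfinite(value) or value < 0:
        raise ValueError("bad timestamp")
    return "%016.05f" % value

def newest_on_disk(entries):
    """Newest timestamp among .data/.ts entries, or None for an empty directory."""
    stamps = [e.rsplit(".", 1)[0] for e in entries if e.endswith((".data", ".ts"))]
    return max(stamps, default=None)

def handle_delete(entries, x_timestamp, guard=True):
    """Apply a DELETE to `entries` (a set of file names) and return a status code."""
    try:
        requested = normalize(x_timestamp)
    except (TypeError, ValueError):
        return 400
    newest = newest_on_disk(entries)
    if guard and newest is not None and requested <= newest:
        return 409                        # assumed status: would add an older entry
    entries.add(requested + ".ts")        # model only: older files are not cleaned up
    return 204

def replay(old_timestamps, guard):
    """Replay DELETEs against one object written at t=2000; return (statuses, entries)."""
    entries = {normalize(2000) + ".data"}
    statuses = [handle_delete(entries, ts, guard) for ts in old_timestamps]
    return statuses, entries

if __name__ == "__main__":
    stale = ["1000.%05d" % i for i in range(5)]   # constructed sample values
    for guard in (False, True):
        statuses, entries = replay(stale, guard)
        print("guard=%s statuses=%s entries=%d" % (guard, statuses, len(entries)))
```

With the guard off, every stale request leaves another tombstone in the directory; with it on, the directory stays at its single entry.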