Source: glance Version: 2014.1.3-5 Severity: serious Tags: security upstream
Hi Setting this to serious/RC since this probably should go as well to jessie (please let me know if you disagree on severity). From [1]: [1] http://www.openwall.com/lists/oss-security/2014/12/23/2 > Masahito Muroi from NTT reported a vulnerability in Glance. By setting > a malicious image location an authenticated user can download or delete > any file on the Glance server for which the Glance process user has > access to. Only setups using the Glance V2 API are affected by this flaw. More details are also on the Red Hat bugzilla entry[2]. [2] https://bugzilla.redhat.com/show_bug.cgi?id=1174474 Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
