Re: [openstack-dev] [nova][stable] Freeze exception for kilo CVE-2015-7548 backports

Thierry Carrez Fri, 15 Jan 2016 02:07:58 -0800

Matthew Booth wrote:

The following 3 patches fix CVE-2015-7548 Unprivileged api user can
access host data using instance snapshot:


https://review.openstack.org/#/c/264819/
https://review.openstack.org/#/c/264820/
https://review.openstack.org/#/c/264821/

The OSSA is rated critical. The patches have now landed on master and
liberty after some delays in the gate. Given the importance of the fix I
suspect that most/all downstream distributions will have already patched
(certainly Red Hat has), but it would be good to have them in upstream
stable.


Matt already posted a thread about giving an exception to this series:

http://lists.openstack.org/pipermail/openstack-dev/2016-January/084161.html

Cheers,

--
Thierry Carrez (ttx)

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [nova][stable] Freeze exception for kilo CVE-2015-7548 backports

Reply via email to