Package: heat Version: 2013.2-4 Severity: grave Tags: security upstream Hi,
the following vulnerabilities were published for heat, the first one beeing a privilege escalation. Only checked against havana (and this should be the first one with supporting heat). CVE-2013-6428[0]: Heat ReST API doesn't respect tenant scoping CVE-2013-6426[1]: Heat CFN policy rules not all enforced The upstream bugreports at launchpad contain also patches for havana. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6428 http://security-tracker.debian.org/tracker/CVE-2013-6428 https://launchpad.net/bugs/1256983 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6426 http://security-tracker.debian.org/tracker/CVE-2013-6426 https://launchpad.net/bugs/1256049 Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org