** Also affects: ossn
Importance: Undecided
Status: New
** No longer affects: ossn
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1813439
Title:
an instance can see other
According to the VMT's taxonomy ( https://security.openstack.org/vmt-
process.html#incident-report-taxonomy ) this seems like a class D.
** Also affects: ossn
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team,
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
Is this a mis-configuration
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
** Also affects: ossa
*** This bug is a duplicate of bug 1742102 ***
https://bugs.launchpad.net/bugs/1742102
** Also affects: ossa
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute
** Also affects: ossn
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/177
Title:
paste_deploy flavor in sample configuration file shows
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
** Also affects: ossa
IWAMOTO, I guess you could use this definition:
https://cve.mitre.org/about/terminology.html#vulnerability
Then regarding the OSSA task, we don't issue advisories for experimental
feature, and if I understand correctly, ovsfw is still
experimental/incomplete. Thus if it's not a class D, then it
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
Back in Mitaka, OVS was an
Adding OSSN task based on comment #3
** Also affects: ossn
Importance: Undecided
Status: New
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity
I've added an OSSN task to see if a Security Note would make more sense
here since this is kind of an insecure default config value (class B2).
** Also affects: ossn
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering
Switched to public security, closed the OSSA task and added an OSSN task
based on above comments.
** Description changed:
- This issue is being treated as a potential security risk under embargo.
- Please do not make any public mention of embargoed (private) security
- vulnerabilities before
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
** Also affects: ossa
Opening this report and adding an OSSN task based on above comments.
** Description changed:
- This issue is being treated as a potential security risk under embargo.
- Please do not make any public mention of embargoed (private) security
- vulnerabilities before their coordinated publication by
** Summary changed:
- Heat: template source URL allows network port scan (CVE-2016-9185)
+ [OSSA 2016-013] Heat: template source URL allows network port scan
(CVE-2016-9185)
** Changed in: ossa
Status: In Progress => Fix Released
--
You received this bug notification because you are a
CVE has been requested with this affect line: <=5.0.3, >=6.0.0 <=6.1.0
and ==7.0.0
@Daniel, the bug is now public, feel free to submit patches to gerrit
for master (Ocata), Newton, Mikata and Liberty.
** Description changed:
- This issue is being treated as a potential security risk under
Removed the security tags since it's a class E (or at best class D)
according to the VMT taxonomy: https://security.openstack.org/vmt-
process.html#incident-report-taxonomy.
** Information type changed from Public Security to Public
** Changed in: ossa
Status: Incomplete => Won't Fix
**
I agree on the C1 class.
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1625833
Title:
Prevent open
Oops, wrong bug updated. Well now that this is public, I've added
keystone to check that bug.
** Also affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1407092
Title:
cinder-api reflects JavaScript input
** Changed in: ossa
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1589821
Title:
cleanup_incomplete_migrations periodic task
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
I've add the OSSA task since
Closing the OSSA task, reason: B3 type of bug according to VMT taxonomy
( https://security.openstack.org/vmt-process.html#incident-report-
taxonomy ).
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering
Closing the OSSA task, reason: C1 type of bug according to VMT taxonomy
( https://security.openstack.org/vmt-process.html#incident-report-
taxonomy ).
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
It seems like a class D type
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1567673
Title:
[OSSA-2016-010] Possible client side
** Summary changed:
- ICMPv6 anti-spoofing rules are too permissive (CVE-2015-8914)
+ [OSSA-2016-009] ICMPv6 anti-spoofing rules are too permissive (CVE-2015-8914)
** Changed in: ossa
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of
** Summary changed:
- Security Groups do not prevent MAC and/or IPv4 spoofing in DHCP requests
(CVE-2016-5362 and CVE-2016-5363)
+ [OSSA-2016-009] Security Groups do not prevent MAC and/or IPv4 spoofing in
DHCP requests (CVE-2016-5362 and CVE-2016-5363)
** Changed in: ossa
Status: In
Ok my bad, then the OSSA task needs to be removed. Thanks!
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1575225
Title:
** Changed in: ossa
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1577558
Title:
[OSSA 2016-008] v2.0 fernet tokens
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
So IIUC, nova mitaka
Based on above comment, I removed the OSSA task.
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1575909
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
** Also affects: ossa
Based on a similar report (bug 1302080), I've closed the OSSA task.
However I've added an OSSN task to discuss an eventual Note about
compute and controller firewalling requirements.
** Also affects: ossn
Importance: Undecided
Status: New
** Changed in: ossa
Status: Incomplete
Based on above comments, I've switch that bug to public and removed the
OSSA task.
** Information type changed from Private Security to Public
** Description changed:
- This issue is being treated as a potential security risk under embargo.
- Please do not make any public mention of embargoed
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1553324
Title:
potential DOS with revoke by id or
** Changed in: ossa
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1558697
Title:
[kilo] libvirt block migrations fail due to
Since f302bf04 was referenced in the advisory, we may have to send
another ERRATA to include the additional patch. I've added an OSSA task
to keep track of that effort.
** Also affects: ossa
Importance: Undecided
Status: New
** Changed in: ossa
Status: New => Incomplete
--
You
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1548450
Title:
[OSSA 2016-007] Host data leak during
The /var/lib/nova/instances directory is likely to be a packaging issue,
I don't know how disk image mode bits are set, but at least the disk
info is explicitly written as 644 by nova/virt/libvirt/imagebackend.py.
Anyway I closed the OSSA task since multi-user system is not a realistic
threat for
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
I agree with Robert, this
Agreed on the B1 (insecure default value), and I added an OSSN task for an
eventual Security Note.
Thank!
** Also affects: ossn
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to
** Description changed:
- This issue is being treated as a potential security risk under embargo.
- Please do not make any public mention of embargoed (private) security
- vulnerabilities before their coordinated publication by the OpenStack
- Vulnerability Management Team in the form of an
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1540208
Title:
CSRF mechanism is not safe.
Status in
Agreed on class D, I closed the OSSA task, this could be re-opened
whenever the situation changes.
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity
** Summary changed:
- [OSSA 2015-006] PKI Token Revocation Bypass (CVE-2015-7546)
+ [OSSA 2015-005] PKI Token Revocation Bypass (CVE-2015-7546)
** Changed in: ossa
Status: Confirmed => Fix Released
** Summary changed:
- [OSSA 2015-005] PKI Token Revocation Bypass (CVE-2015-7546)
+ [OSSA
I've removed the privacy settings and put the OSSA tasks as Won't Fix
since it's a C1 type of bug (according to VMT taxonomy
https://security.openstack.org/vmt-process.html#incident-report-taxonomy
), This can be put back to incomplete if the situation changes.
** Information type changed from
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1524274
Title:
[OSSA 2016-001] Unprivileged api user can
This is a class B3 type of bug (according to
https://security.openstack.org/vmt-process.html#incident-report-taxonomy
)
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
** Also affects: ossa
According to VMT taxonomy, this is a class E.
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1526244
Until a clear consensus about whenever this bug caused an actual
security vulnerability, the OSSA task is now Won't Fix.
** Changed in: ossa
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to
** Information type changed from Private Security to Public
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1515444
Title:
The proposed change did not effectively fixed that issue.
** Changed in: nova
Status: Fix Released => Confirmed
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
Since this does not qualify for an OpenStack Security Advisory (OSSA),
I've added an OSSN task to assess if a Security Note would work better
here.
** Also affects: ossn
Importance: Undecided
Status: New
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this
Thanks Erno, I've removed the OSSA task
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1511061
Title:
Images in inconsistent
Alright, removing the security class and closing the OSSA task.
** Changed in: ossa
Status: Incomplete => Won't Fix
** Information type changed from Public Security to Public
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed
Then according to VMT taxonomy ( https://security.openstack.org/vmt-
process.html#incident-report-taxonomy ), this sounds more like a class
D.
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team,
*** This bug is a security vulnerability ***
Public security bug reported:
This have been reported by Daniel P. Berrange:
"
In the OpenStack Liberty release, the Glance project added support for image
signature verification.
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1392527
Title:
[OSSA 2015-017] Deleting instance while
** Changed in: ossa
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1491307
Title:
[OSSA 2015-021] secgroup rules doesn't work
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1498163
Title:
[OSSA 2015-020] Glance storage quota bypass when token is
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1482371
Title:
[OSSA 2015-019] Image status can be changed by passing
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1489111
Title:
[OSSA 2015-018] IP, MAC, and DHCP spoofing rules can by
Until this can be safely backported, the OSSA task is switched to Won't
fix.
** Changed in: ossa
Status: Triaged => Won't Fix
** Information type changed from Public Security to Public
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1483382
Title:
Able to request a V2 token for user and project in a
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1482301
Title:
'X-Openstack-Request-ID' lenght limited only by header size
** Changed in: ossa
Status: Fix Committed = Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1387543
Title:
[OSSA 2015-015] Resize/delete combo allows
** Changed in: ossa
Status: Fix Committed = Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1471912
Title:
[OSSA 2015-014] Format-guessing and file disclosure via
The OSSA tasks is now closed. If Nova turns out to be affected, a new
OSSA will be required anyway.
** Changed in: ossa
Status: Fix Committed = Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute
** Also affects: ossa
Importance: Undecided
Status: New
** Changed in: ossa
Status: New = Incomplete
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1482301
Title:
Public bug reported:
Trace:
ERROR neutron.agent.l3.agent [-] Failed to process compatible router
'1794ed9d-68d6-402c-a4e5-8041de4c4186'
TRACE neutron.agent.l3.agent Traceback (most recent call last):
TRACE neutron.agent.l3.agent File
/usr/lib/python2.7/site-packages/neutron/agent/l3/agent.py,
Public bug reported:
Trace:
ERROR neutron.api.v2.resource [req-dbf179d1-62ac-4537-be15-c2088669f75c ]
add_router_interface failed
TRACE neutron.api.v2.resource Traceback (most recent call last):
TRACE neutron.api.v2.resource File
/usr/lib/python2.7/site-packages/neutron/api/v2/resource.py,
Public bug reported:
Incorrect json input cause error instead of being invalidated properly:
Type error in dns_nameservers raise keyerror:
ERROR neutron.api.v2.resource [req-be58f6e1-db2f-4b2e-9620-afb49bdd4552 demo
d1da3f8632e3413b915eda78899806d7] create failed
Traceback (most recent call
Public bug reported:
Trace:
ERROR neutron.agent.linux.utils [req-26ce0148-4bc4-40bd-96ac-e9d484f37b61 demo
12b3399d1cb64da488e20f6a7c355d10]
Command: ['sudo', '/usr/local/bin/neutron-rootwrap',
'/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec',
'qdhcp-6cdefebf-ab88-4f55-b2b9-719286a7b75b',
Public bug reported:
Trace:
ERROR neutron.agent.dhcp_agent [-] Unable to enable dhcp for
125c7403-1ef1-489c-bc0c-cf6a0f83e742.
Traceback (most recent call last):
File /opt/stack/neutron/neutron/agent/dhcp_agent.py, line 128, in
call_driver
getattr(driver, action)(**action_kwargs)
File
** Changed in: ossa
Status: Fix Committed = Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1461054
Title:
[OSSA 2015-012] Adding 0.0.0.0/0 to allowed address pairs
** Changed in: ossa
Status: Incomplete = Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1461728
Title:
V2.0 API not calling defined external auth
Status in OpenStack
** Changed in: ossa
Status: Incomplete = Won't Fix
** Information type changed from Private Security to Public
** Also affects: ossn
Importance: Undecided
Status: New
** Changed in: ossn
Status: New = Incomplete
--
You received this bug notification because you are a
This is a class D type of bug ( https://security.openstack.org/vmt-
process.html#incident-report-taxonomy ).
** Changed in: ossa
Status: Incomplete = Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack
Agreed on class D type of bug.
** Changed in: ossa
Status: Incomplete = Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1461431
Title:
Enable admin
All patches are now merged, shouldn't series task be added to Horizon ?
** Changed in: ossa
Status: Fix Committed = Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
** Also affects: ossn
Importance: Undecided
Status: New
** Changed in: ossa
Status: Incomplete = Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1455582
Title:
Then it's an OSSA class E type of bug.
** Changed in: ossa
Status: Incomplete = Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1461095
Title:
Token is not revoked
** Also affects: ossa
Importance: Undecided
Status: New
** Changed in: ossa
Status: New = Incomplete
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1461095
Title:
** Summary changed:
- Sanitation of metadata label (CVE-2015-3988)
+ [OSSA 2015-009] Sanitation of metadata label (CVE-2015-3988)
** Changed in: ossa
Status: Fix Committed = Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is
** Changed in: ossa
Status: Fix Committed = Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1443598
Title:
[OSSA 2015-008] backend_argument containing a password
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
Can a Nova core confirm that
I've mark the OSSA task as won't fix as it's considered a vulnerability
per se.
** Changed in: ossa
Status: Incomplete = Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
** Changed in: ossa
Status: Incomplete = Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1435386
Title:
Specific config setting may result in VMs being
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
** Also affects: ossa
** Changed in: ossa
Status: Fix Committed = Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1409142
Title:
[OSSA 2015-005] Websocket Hijacking
Thanks Brant for the quick feedback!
I opened the bug since it only concerns master, can you please confirm
the keystone part and tag it for kilo in order to have it fixed before
the release ?
** Information type changed from Private Security to Public Security
** Changed in: ossa
** Changed in: ossa
Status: In Progress = Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1420696
Title:
[OSSA 2015-004] Image data remains in backend after deleting
** Changed in: ossa
Status: Fix Committed = Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1371118
Title:
[OSSA 2015-004] Image file stays in store if image has been
This bug is not affecting a released version, let's open it. Feel free
to send patch directly to gerrit now.
** Information type changed from Private Security to Public Security
** Changed in: ossa
Status: Incomplete = Won't Fix
--
You received this bug notification because you are a
class D confirmed, setting the OSSA task as won't fix.
** Changed in: ossa
Status: Incomplete = Won't Fix
** Changed in: ossa
Assignee: Marian Horban (mhorban) = (unassigned)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is
** Changed in: ossa
Status: Fix Committed = Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1398830
Title:
[OSSA 2015-003] Glance image leak when in saving state
** Changed in: ossa
Status: Incomplete = Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1414529
Title:
eval being used in session.py
Status in
** Changed in: ossa
Status: In Progress = Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1408663
Title:
[OSSA-2015-002] Glance still allows users to download and
1 - 100 of 128 matches
Mail list logo
