** Changed in: glance/icehouse
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1408663
Title:
[OSSA-2015-002] Glance still allows users to download and delete any
file in glance-api server (CVE-2015-1195)
Status in OpenStack Image Registry and Delivery Service (Glance):
Fix Released
Status in Glance icehouse series:
Fix Released
Status in Glance juno series:
Fix Released
Status in OpenStack Security Advisories:
Fix Released
Bug description:
Jin Liu reported that OSSA-2014-041 (CVE-2014-9493) only fixed the
vulnerability for swift: and file: URI, but overlooked filesystem:
URIs.
Please see bug 1400966 for historical reference.
To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1408663/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
