** Also affects: ossn
Importance: Undecided
Status: New
** No longer affects: ossn
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1813439
Title:
an instance can see other inst
According to the VMT's taxonomy
( https://security.openstack.org/vmt-process.html#incident-report-taxonomy )
this seems like a class D.
** Also affects: ossn
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, wh
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
Is this a mis-configuration fro
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
** Also affects: ossa
Import
*** This bug is a duplicate of bug 1742102 ***
https://bugs.launchpad.net/bugs/1742102
** Also affects: ossa
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
** Also affects: ossn
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/177
Title:
paste_deploy flavor in sample configuration file shows misl
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
** Also affects: ossa
Import
IWAMOTO, I guess you could use this definition:
https://cve.mitre.org/about/terminology.html#vulnerability
Then regarding the OSSA task, we don't issue advisories for experimental
features, and if I understand correctly, ovsfw is still
experimental/incomplete. Thus if it's not a class D, then it is
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
Back in Mitaka, OVS was an expe
Adding OSSN task based on comment #3
** Also affects: ossn
Importance: Undecided
Status: New
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity
I've added an OSSN task to see if a Security Note would make more sense
here since this is kind of an insecure default config value (class B2).
** Also affects: ossn
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering T
Switched to public security, closed the OSSA task and added an OSSN task
based on above comments.
** Description changed:
- This issue is being treated as a potential security risk under embargo.
- Please do not make any public mention of embargoed (private) security
- vulnerabilities before the
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
** Also affects: ossa
Import
Opening this report and adding an OSSN task based on above comments.
** Description changed:
- This issue is being treated as a potential security risk under embargo.
- Please do not make any public mention of embargoed (private) security
- vulnerabilities before their coordinated publication by
** Summary changed:
- Heat: template source URL allows network port scan (CVE-2016-9185)
+ [OSSA 2016-013] Heat: template source URL allows network port scan
(CVE-2016-9185)
** Changed in: ossa
Status: In Progress => Fix Released
--
You received this bug notification because you are a m
CVE has been requested with this affect line: <=5.0.3, >=6.0.0 <=6.1.0
and ==7.0.0
@Daniel, the bug is now public, feel free to submit patches to gerrit
for master (Ocata), Newton, Mitaka and Liberty.
** Description changed:
- This issue is being treated as a potential security risk under embarg
Removed the security tags since it's a class E (or at best class D)
according to the VMT taxonomy:
https://security.openstack.org/vmt-process.html#incident-report-taxonomy.
** Information type changed from Public Security to Public
** Changed in: ossa
Status: Incomplete => Won't Fix
** T
I agree on the C1 class.
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1625833
Title:
Prevent open redi
Oops, wrong bug updated. Well now that this is public, I've added
keystone to check that bug.
** Also affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1407092
Title:
cinder-api reflects JavaScript input
Statu
** Changed in: ossa
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1589821
Title:
cleanup_incomplete_migrations periodic task
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
I've added the OSSA task since it
Closing the OSSA task, reason: B3 type of bug according to VMT taxonomy
( https://security.openstack.org/vmt-process.html#incident-report-taxonomy ).
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering
Closing the OSSA task, reason: C1 type of bug according to VMT taxonomy
( https://security.openstack.org/vmt-process.html#incident-report-taxonomy ).
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering T
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
It seems like a class D type of
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1567673
Title:
[OSSA-2016-010] Possible client side
** Summary changed:
- ICMPv6 anti-spoofing rules are too permissive (CVE-2015-8914)
+ [OSSA-2016-009] ICMPv6 anti-spoofing rules are too permissive (CVE-2015-8914)
** Changed in: ossa
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ya
** Summary changed:
- Security Groups do not prevent MAC and/or IPv4 spoofing in DHCP requests
(CVE-2016-5362 and CVE-2016-5363)
+ [OSSA-2016-009] Security Groups do not prevent MAC and/or IPv4 spoofing in
DHCP requests (CVE-2016-5362 and CVE-2016-5363)
** Changed in: ossa
Status: In Pro
Ok my bad, then the OSSA task needs to be removed. Thanks!
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1575225
Title:
Neutr
** Changed in: ossa
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1577558
Title:
[OSSA 2016-008] v2.0 fernet tokens audi
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
So IIUC, nova mitaka version(s)
Based on above comment, I removed the OSSA task.
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1575909
Ti
Public bug reported:
When calling the neutron-server api directly with '{"port_id": false}' like:
curl -X PUT http://127.0.0.1:9696/v2.0/routers/${ROUTER_ID}/add_router_interface.json -d '{"port_id": false}'
The neutron.api.v2.resource fails with this exception:
Traceback (most recent call las
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
** Also affects: ossa
Import
Based on a similar report (bug 1302080), I've closed the OSSA task.
However I've added an OSSN task to discuss an eventual Note about
compute and controller firewalling requirements.
** Also affects: ossn
Importance: Undecided
Status: New
** Changed in: ossa
Status: Incomplete =>
Based on above comments, I've switched that bug to public and removed the
OSSA task.
** Information type changed from Private Security to Public
** Description changed:
- This issue is being treated as a potential security risk under embargo.
- Please do not make any public mention of embargoed (p
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1553324
Title:
potential DOS with revoke by id or audit_id
** Changed in: ossa
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1558697
Title:
[kilo] libvirt block migrations fail due to di
Since f302bf04 was referenced in the advisory, we may have to send
another ERRATA to include the additional patch. I've added an OSSA task
to keep track of that effort.
** Also affects: ossa
Importance: Undecided
Status: New
** Changed in: ossa
Status: New => Incomplete
--
You
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1548450
Title:
[OSSA 2016-007] Host data leak during resi
The /var/lib/nova/instances directory is likely to be a packaging issue,
I don't know how disk image mode bits are set, but at least the disk
info is explicitly written as 644 by nova/virt/libvirt/imagebackend.py.
Anyway I closed the OSSA task since multi-user system is not a realistic
threat for
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
I agree with Robert, this expos
Agreed on the B1 (insecure default value), and I added an OSSN task for an
eventual Security Note.
Thanks!
** Also affects: ossn
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1540208
Title:
CSRF mechanism is not safe.
Status in Open
** Description changed:
- This issue is being treated as a potential security risk under embargo.
- Please do not make any public mention of embargoed (private) security
- vulnerabilities before their coordinated publication by the OpenStack
- Vulnerability Management Team in the form of an offici
Agreed on class D, I closed the OSSA task, this could be re-opened
whenever the situation changes.
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keys
** Summary changed:
- [OSSA 2015-006] PKI Token Revocation Bypass (CVE-2015-7546)
+ [OSSA 2015-005] PKI Token Revocation Bypass (CVE-2015-7546)
** Changed in: ossa
Status: Confirmed => Fix Released
** Summary changed:
- [OSSA 2015-005] PKI Token Revocation Bypass (CVE-2015-7546)
+ [OSSA
*** This bug is a duplicate of bug 1516031 ***
https://bugs.launchpad.net/bugs/1516031
** Information type changed from Private Security to Public
** Changed in: ossa
Status: Incomplete => Won't Fix
** This bug has been marked a duplicate of bug 1516031
Use of MD5 in OpenStack Glan
I've removed the privacy settings and put the OSSA tasks as Won't Fix
since it's a C1 type of bug (according to VMT taxonomy
https://security.openstack.org/vmt-process.html#incident-report-taxonomy
), This can be put back to incomplete if the situation changes.
** Information type changed from Pri
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1524274
Title:
[OSSA 2016-001] Unprivileged api user can
This is a class B3 type of bug (according to
https://security.openstack.org/vmt-process.html#incident-report-taxonomy
)
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neu
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
** Also affects: ossa
Import
According to VMT taxonomy, this is a class E.
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1526244
Title
Until a clear consensus about whenever this bug caused an actual
security vulnerability, the OSSA task is now Won't Fix.
** Changed in: ossa
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Gla
** Information type changed from Private Security to Public
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1515444
Title:
Rout
The proposed change did not effectively fix that issue.
** Changed in: nova
Status: Fix Released => Confirmed
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/14490
Since this does not qualify for an OpenStack Security Advisory (OSSA),
I've added an OSSN task to assess if a Security Note would work better
here.
** Also affects: ossn
Importance: Undecided
Status: New
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this b
Then according to VMT taxonomy
( https://security.openstack.org/vmt-process.html#incident-report-taxonomy ),
this sounds more like a class D.
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, whi
Alright, removing the security class and closing the OSSA task.
** Changed in: ossa
Status: Incomplete => Won't Fix
** Information type changed from Public Security to Public
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to
Thanks Erno, I've removed the OSSA task
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1511061
Title:
Images in inconsistent st
*** This bug is a security vulnerability ***
Public security bug reported:
This has been reported by Daniel P. Berrange:
"
In the OpenStack Liberty release, the Glance project added support for image
signature verification.
http://specs.openstack.org/openstack/glance-specs/specs/liberty/image-
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
Can user make the image deletio
** Changed in: ossa
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1491307
Title:
[OSSA 2015-021] secgroup rules doesn't work
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1392527
Title:
[OSSA 2015-017] Deleting instance while re
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1498163
Title:
[OSSA 2015-020] Glance storage quota bypass when token is ex
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1482371
Title:
[OSSA 2015-019] Image status can be changed by passing heade
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1489111
Title:
[OSSA 2015-018] IP, MAC, and DHCP spoofing rules can by byp
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1483382
Title:
Able to request a V2 token for user and project in a non-default
Until this can be safely backported, the OSSA task is switched to Won't
fix.
** Changed in: ossa
Status: Triaged => Won't Fix
** Information type changed from Public Security to Public
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is sub
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1482301
Title:
'X-Openstack-Request-ID' lenght limited only by header size
Statu
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1387543
Title:
[OSSA 2015-015] Resize/delete combo allows
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1471912
Title:
[OSSA 2015-014] Format-guessing and file disclosure via imag
The OSSA task is now closed. If Nova turns out to be affected, a new
OSSA will be required anyway.
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute
** Also affects: ossa
Importance: Undecided
Status: New
** Changed in: ossa
Status: New => Incomplete
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1482301
Title:
'X-Op
Public bug reported:
Trace:
ERROR neutron.agent.l3.agent [-] Failed to process compatible router
'1794ed9d-68d6-402c-a4e5-8041de4c4186'
TRACE neutron.agent.l3.agent Traceback (most recent call last):
TRACE neutron.agent.l3.agent File
"/usr/lib/python2.7/site-packages/neutron/agent/l3/agent.py"
Public bug reported:
Trace:
ERROR neutron.api.v2.resource [req-dbf179d1-62ac-4537-be15-c2088669f75c ]
add_router_interface failed
TRACE neutron.api.v2.resource Traceback (most recent call last):
TRACE neutron.api.v2.resource File
"/usr/lib/python2.7/site-packages/neutron/api/v2/resource.py", l
Public bug reported:
Incorrect JSON input causes an error instead of being invalidated properly:
Type error in dns_nameservers raises KeyError:
ERROR neutron.api.v2.resource [req-be58f6e1-db2f-4b2e-9620-afb49bdd4552 demo
d1da3f8632e3413b915eda78899806d7] create failed
Traceback (most recent call las
Public bug reported:
Trace:
ERROR neutron.agent.linux.utils [req-26ce0148-4bc4-40bd-96ac-e9d484f37b61 demo
12b3399d1cb64da488e20f6a7c355d10]
Command: ['sudo', '/usr/local/bin/neutron-rootwrap',
'/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec',
'qdhcp-6cdefebf-ab88-4f55-b2b9-719286a7b75b', '
Public bug reported:
Trace:
ERROR neutron.agent.dhcp_agent [-] Unable to enable dhcp for
125c7403-1ef1-489c-bc0c-cf6a0f83e742.
Traceback (most recent call last):
File "/opt/stack/neutron/neutron/agent/dhcp_agent.py", line 128, in
call_driver
getattr(driver, action)(**action_kwargs)
File
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1461054
Title:
[OSSA 2015-012] Adding 0.0.0.0/0 to allowed address pairs b
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1461728
Title:
V2.0 API not calling defined external auth
Status in OpenStack
Sylvain, if the trusted computing feature of Nova doesn't prevent an
instance to spawn on a compromised node, then maybe the feature should
be removed, or at least have a clear mention about that behavior.
According to vulnerability taxonomy, this issue falls in the B2 class (
https://security.ope
** Changed in: ossa
Status: Incomplete => Won't Fix
** Information type changed from Private Security to Public
** Also affects: ossn
Importance: Undecided
Status: New
** Changed in: ossn
Status: New => Incomplete
--
You received this bug notification because you are a
This is a class D type of bug
( https://security.openstack.org/vmt-process.html#incident-report-taxonomy ).
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Comp
Agreed on class D type of bug.
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1461431
Title:
Enable admin pas
All patches are now merged, shouldn't series task be added to Horizon ?
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.l
Thanks Salvatore for the detail.
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1443798
Title:
Restrict netmask of CIDR to avo
** Also affects: ossn
Importance: Undecided
Status: New
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1455582
Title:
Then it's an OSSA class E type of bug.
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1461095
Title:
Token is not revoked whe
** Also affects: ossa
Importance: Undecided
Status: New
** Changed in: ossa
Status: New => Incomplete
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1461095
Title:
Tok
** Summary changed:
- Sanitation of metadata label (CVE-2015-3988)
+ [OSSA 2015-009] Sanitation of metadata label (CVE-2015-3988)
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1443598
Title:
[OSSA 2015-008] backend_argument containing a password lea
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
Can a Nova core confirm that re
I've marked the OSSA task as won't fix as it's considered a vulnerability
per se.
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.laun
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1435386
Title:
Specific config setting may result in VMs being
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
** Also affects: ossa
Import
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1409142
Title:
[OSSA 2015-005] Websocket Hijacking Vulner
Thanks Brant for the quick feedback!
I opened the bug since it only concerns master, can you please confirm
the keystone part and tag it for kilo in order to have it fixed before
the release ?
** Information type changed from Private Security to Public Security
** Changed in: ossa
Status:
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1371118
Title:
[OSSA 2015-004] Image file stays in store if image has been
** Changed in: ossa
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1420696
Title:
[OSSA 2015-004] Image data remains in backend after deleting t
1 - 100 of 137 matches