yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #28171
[Bug 1408663] Re: [OSSA-2015-002] Glance still allows users to download and delete any file in glance-api server (CVE-2015-1195)
** Changed in: glance
Status: Fix Committed => Fix Released
** Changed in: glance
Milestone: None => kilo-2
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1408663
Title:
[OSSA-2015-002] Glance still allows users to download and delete any
file in glance-api server (CVE-2015-1195)
Status in OpenStack Image Registry and Delivery Service (Glance):
Fix Released
Status in Glance icehouse series:
Fix Committed
Status in Glance juno series:
Fix Released
Status in OpenStack Security Advisories:
Fix Released
Bug description:
Jin Liu reported that OSSA-2014-041 (CVE-2014-9493) only fixed the
vulnerability for swift: and file: URI, but overlooked filesystem:
URIs.
Please see bug 1400966 for historical reference.
To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1408663/+subscriptions
References