[openstack-dev] [nova][stable] Freeze exception for kilo CVE-2015-7548 backports

Thierry Carrez thierry at openstack.org
Fri Jan 15 10:04:02 UTC 2016


Matthew Booth wrote:
> The following 3 patches fix CVE-2015-7548 Unprivileged api user can
> access host data using instance snapshot:
>
> https://review.openstack.org/#/c/264819/
> https://review.openstack.org/#/c/264820/
> https://review.openstack.org/#/c/264821/
>
> The OSSA is rated critical. The patches have now landed on master and
> liberty after some delays in the gate. Given the importance of the fix I
> suspect that most/all downstream distributions will have already patched
> (certainly Red Hat has), but it would be good to have them in upstream
> stable.

Matt already posted a thread about giving an exception to this series:

http://lists.openstack.org/pipermail/openstack-dev/2016-January/084161.html

Cheers,

-- 
Thierry Carrez (ttx)



More information about the OpenStack-dev mailing list