Matthew Booth wrote: > The following 3 patches fix CVE-2015-7548 Unprivileged api user can > access host data using instance snapshot: > > https://review.openstack.org/#/c/264819/ > https://review.openstack.org/#/c/264820/ > https://review.openstack.org/#/c/264821/ > > The OSSA is rated critical. The patches have now landed on master and > liberty after some delays in the gate. Given the importance of the fix I > suspect that most/all downstream distributions will have already patched > (certainly Red Hat has), but it would be good to have them in upstream > stable. Matt already posted a thread about giving an exception to this series: http://lists.openstack.org/pipermail/openstack-dev/2016-January/084161.html Cheers, -- Thierry Carrez (ttx)