[Openstack-operators] glance directory traversal bug and havana

Jesse Keating jlk at bluebox.net
Tue Jan 6 18:31:14 UTC 2015

Hopefully all of you have seen http://seclists.org/oss-sec/2015/q1/64 
which is the glance v2 api directory traversal bug. Upstream has fixed 
master (kilo) and juno, but havana has not been fixed.

We, unfortunately, have a few havana installs out there and we'd like to 
patch this ahead of our planned upgrade to Juno. I'm curious if anybody 
else out there is in the same situation and is working on backporting 
the glance patch. If not, I'll share the patch when I'm done, but if so 
I'd love to share in the work and help the effort.

Cheers, and happy patching!


More information about the OpenStack-operators mailing list