[Openstack] [OSSA 2015-011] Cinder host file disclosure through qcow2 backing file (CVE-2015-1850)

Dave Walker email at daviey.com
Tue Jun 16 23:18:00 UTC 2015


On 16 Jun 2015 8:46 pm, "Tristan Cacqueray" <tdecacqu at redhat.com> wrote:
>
> [dropped openstack-announces]
>
> On 06/16/2015 12:14 PM, Haïkel wrote:
> >> Notes
> >> > ~~~~~
> >> > - This fix will be included in future 2014.1.5 (icehouse), 2014.2.4
> >> >   (juno) and 2015.1.1 (kilo) releases.
> >> >
> > There were discussions about not issuing stable point releases anymore.
> > Will there be new releases or not?
> >
> > Regards,
> > H.
> >
> >
>
> This is more of a question for stable maintainers, afaik the stable
> point release model is still under discussion and the plan seems to be to
> stop them after the one scheduled.
>
> If the version number changes or whatever, we may go back and provide errata
> to update these OSSA notes.
>
> Regards,
> Tristan
>

Hi,

I want to clarify that it has never been the policy of the stable team to
create stable releases triggered by a notifiable security issue.

The stable branches were designed to be a collaborative area for
distributions and vendors to be able to work on and collect patches for
their users.

However, a security fix would be included in the next scheduled time-based
patch point release.

I believe every major Linux distribution released every security-related
patch to their users, making it ahead of the upstream stable releases.

Each Linux distribution is pre-disclosed patches for embargoed issues ahead
of disclosure to help them prepare for announcement.

If you are a consumer from a mainstream distribution or vendor, then the
update situation will remain the same as it was previously.

If you are left in any doubt, please discuss the situation with your
vendor, or, if a direct consumer of stable branches, here.

Many thanks

--
Kind Regards,
Dave Walker