openstack
/
ossa
Code Issues Proposed changes
269 Commits 1 Branch 0 Tags 1.9 MiB
Commit Graph

91 Commits

Author SHA1 Message Date
Jeremy Stanley 136b24c5dd Add errata 3 for OSSA-2023-003 
Since this only impacts the fix for stable/wallaby which is not
under normal maintenance, we'll dispose with the usual errata
announcements.

Change-Id: Ibd0d1d796012fb5d34d48925ce34f6f1c300b54e
Related-Bug: #2004555
 2023-05-15 19:21:18 +00:00
Jeremy Stanley d62fe374e4 Add OSSA-2023-003 (CVE-2023-2088) 
Change-Id: Iab9cca074c2928dbecbe512f813fe421a744c592
Closes-Bug: #2004555
 2023-05-10 16:59:41 +00:00
Jeremy Stanley 07833d0dcd Add OSSA-2023-002 (CVE-2022-47951) 
Change-Id: If071ca13337d87f24bbbdec24cbecb826165f4f4
Closes-Bug: #1996188
 2023-01-24 15:28:40 +00:00
Jeremy Stanley 0b14e1f02d Add OSSA-2023-001 (CVE-2022-47950) 
Change-Id: I07a10908a8d1ce314413f601c8f282cca0451cc1
Closes-Bug: #1998625
 2023-01-17 15:15:28 +00:00
Jeremy Stanley 51a1bf0699 Errata 1 for OSSA-2021-002 
Change-Id: Iaeb40574176ae62542a0c17e94917e654d38317d
Closes-Bug: #1927677
 2021-09-27 15:02:06 +00:00
Marc Gariepy b27c2be28f Update OSSA-2021-005 (CVE-2021-40085) 
add link to all the fixed releases

Change-Id: I54702c44f5cadb0f97489422af517df2aa2c6281
 2021-09-10 10:45:47 -04:00
Jeremy Stanley 4f5d81b664 Add OSSA-2021-006 (CVE-2021-40797) 
Change-Id: Ie61b5ffbec78e8c90e5ad773c9479f0d7ae1b932
Closes-Bug: #1942179
 2021-09-08 20:15:03 +00:00
Jeremy Stanley 55e0ee4953 Add OSSA-2021-005 (CVE-2021-40085) 
Change-Id: I58b8c608547e24ee144cab805d17c55045e4279a
Closes-Bug: #1939733
 2021-08-31 13:56:02 +00:00
Jeremy Stanley 5bfba3e739 Add OSSA-2021-004 (CVE-2021-38598) 
Change-Id: I91b44e7fab3209170efd8dc594cb1b442ee48c2d
Closes-Bug: #1938670
 2021-08-12 14:55:33 +00:00
Jeremy Stanley cf49e91bb4 Add OSSA-2021-003 (CVE-2021-38155) 
Change-Id: Ic9c5d7a45be8a083931b2600adbc76c9e292d0ab
Closes-Bug: #1688137
 2021-08-06 21:38:08 +00:00
Jeremy Stanley 08f2c78ccf Add OSSA-2021-002 (CVE-2021-3654) 
Change-Id: I1574738a9aa047314c9b933f8bbe032d346cd2d7
Closes-Bug: #1927677
 2021-07-28 18:16:17 +00:00
Jeremy Stanley 51cb75e92e Update publication date for OSSA-2021-001 
Follow-up to correct the date on which OSSA-2021-001 was published
so that we don't lose the existing votes on the original change.

Change-Id: I295a49103c651d4b40a557dda0b2b9ea4b124bfa
 2021-07-12 17:28:33 +00:00
Jeremy Stanley 239ec3826a Add OSSA-2021-001 (CVE-2021-20267) 
Change-Id: I6bcc8392831efbdc7759b0ed5340023bb0440c85
Closes-Bug: #1902917
 2021-07-08 20:49:35 +00:00
Marc Gariepy fc1a66d398 Add missing releases for the CVE 
Change-Id: Id450757b2a6a026839be26cf9e8f243f76594348
 2021-01-06 14:57:19 -05:00
Jeremy Stanley 0611333d3c OSSA-2020-008: add missing links for some branches 
The original advisory omitted URLs for fixes on branches newer than
stable/train, so add those for all other branches where similar
patches merged.

Note the outstanding changes for branches earlier than stable/stein
are proposed but not currently passing CI jobs and have yet to be
reviewed, so they're not included here.

Change-Id: I238e1d91e6a6662d3af3800a114a7b3072660f92
 2020-12-08 15:58:00 +00:00
Gage Hugo f058c5f206 Add OSSA-2020-008 (CVE-2020-29565) 
Change-Id: Ide92bb95bc2b542a4852965e42e31c72d74294a7
Closes-Bug: #1865026
 2020-12-07 16:43:54 +00:00
Pierre Riteau 18f75e074c Add OSSA-2020-007 (CVE-2020-26943) 
Change-Id: I18de37da9f22fe28c60fc1fbfb1322aaaad11b88
Related-Bug: #1895688
 2020-10-12 09:50:19 +02:00
Jeremy Stanley 2cdc6ae087 Add OSSA-2020-006 (CVE-2020-17376) 
Change-Id: I4bb95e74551dc02664074a006f462683967f50f3
Related-Bug: #1890501
 2020-08-25 15:14:40 +00:00
Gage Hugo 961fed2305 Update OSSA-2020-003 through 005 with CVE 
MITRE got back to us with designated CVE ids, this change updates
the ossa reports to reflect this.

Change-Id: Ib3f1eb7e9cd9d152c506710ac7a3df1cf16a8e51
 2020-05-07 19:35:13 +00:00
Zuul a3fe0574b8 Merge "Add OSSA-2020-004 (CVEs Pending)" 2020-05-06 18:57:18 +00:00
Zuul a8f7bd09fb Merge "Add OSSA-2020-005 (CVE Pending)" 2020-05-06 18:57:17 +00:00
Gage Hugo 3696964abe Add OSSA-2020-005 (CVE Pending) 
Change-Id: I6b422cc4491d2c785565716ee4d07ca58efcdb0a
Closes-Bug: #1873290
 2020-05-06 16:15:38 +00:00
Gage Hugo 2548f46b0a Add OSSA-2020-004 (CVEs Pending) 
Change-Id: Ide28e91b184edab45d22c47661ad6bb6003dd244
Closes-Bug: #1872735
Closes-Bug: #1872733
 2020-05-06 16:09:58 +00:00
Gage Hugo e084cbd224 Add OSSA-2020-003 (CVE Pending) 
Related-Bug: #1872737
Change-Id: I51b2199d573d0abf088befa8eb504486708f8e70
 2020-05-06 16:00:22 +00:00
Goutham Pacha Ravi e956315884 Add OSSA-2020-002 (CVE-2020-9543) 
Change-Id: I0b0c2bd0d950a33f5d510ab44b0ff52884eff19f
Related-Bug: #1861485
 2020-03-10 16:33:25 -07:00
Jeremy Stanley 28b98cb833 Add OSSA-2020-001 (CVE-2015-9543) 
Change-Id: If9b675a4cef657f5d4102192821a51bb91d8cbf9
Closes-Bug: #1492140
 2020-02-19 15:40:22 +00:00
baiwenteng 0a4266dd2f Fix typos in ossa 
Change-Id: Ib48e5439fbc053f2fc36b9de6b8aad7dd4e721f6
 2020-01-21 16:48:48 +00:00
Gage Hugo 48ab0ba371 Add OSSA-2019-006 (CVE-2019-19687) 
Change-Id: I67b985cbfb5f19761236b568b8ce2939a6978923
 2019-12-09 17:26:53 +00:00
Daniel 'f0o' Preussker fd57202868 Add OSSA-2019-005 (CVE-2019-17134) 
Change-Id: If8f83974881740d6b5f2eefb83ce215b1dce3461
 2019-10-07 17:25:12 +02:00
Jeremy Stanley 59342fd8cf Add OSSA-2019-004 ($CVE) 
Change-Id: I915b0d74577dd9badee6f60300a67b88dc539e03
Related-Bug: #1837252
 2019-08-28 22:16:50 +00:00
Jeremy Stanley 6b0b3a50e6 Add OSSA-2019-003 (CVE-2019-14433) 
Change-Id: I22c4b17a0ad1b6197a97c6b2670fe5d1a6a7406f
Related-Bug: #1837877
 2019-08-06 18:41:10 +00:00
Gage Hugo 64232d9f1a Add OSSA-2019-002 (CVE-2019-10876) 
Depends-On: https://review.openstack.org/#/c/650930/
Change-Id: I17b766efdbd63cfc6cdfc03a94f60911dd7acc9d
 2019-04-08 10:43:15 -05:00
Tristan Cacqueray a8c4ab769b Adds OSSA-2019-001 (CVE-2019-9735) 
Change-Id: I11ec9820642d1eca14517bd39e01b5e8581cda82
Related-Bug: #1818385
 2019-03-18 14:29:34 +00:00
Matthew Thode 837d69c5c6
Add OSSA-2018-002, CVE-2018-14432 for publishing 
Change-Id: If0012892449a6d1612b55d685cfd5e3c8ea49868
 2018-07-25 10:53:57 -05:00
Tristan Cacqueray c5f504bf1d Adds OSSA-2018-001 (CVE-2017-18191) 
Change-Id: I43abe5ca3e14010b578a450bf2fa7bc3839b24b1
Related-Bug: #1739593
 2018-04-20 13:42:41 +00:00
Jeremy Stanley 369ec51299 Fix spacing for OSSA-2017-006 title 
This is a brown-bag fix to work around a rendering issue for
multi-line titles.

Change-Id: I01d4eabd0d1e4a0ee0f57b66141c3b0dd5de3a40
 2017-12-05 15:34:13 +00:00
Jeremy Stanley e2283a6b9e Adds OSSA-2017-006 (CVE-2017-17051) 
Change-Id: I6110a60e10afb6cad11ec19156a27362c0c1ec2f
Related-Bug: #1732976
 2017-12-05 14:56:38 +00:00
Tristan Cacqueray ab54ce232d Updates OSSA 2017-005 with ERRATA#1 
Change-Id: Id747d793c430ac2e5b3c27b68e55c0f12cb8c3f7
Related-Bug: #1664931
 2017-12-05 14:19:01 +00:00
Tristan Cacqueray cb43ec5959 Adds OSSA-2017-005 (CVE-2017-16239) 
Change-Id: Ib03875ae5b6ad95ceecf00714704ac9676ef32a7
Related-Bug: #1664931
 2017-11-14 16:07:52 +00:00
Tristan Cacqueray 53a4f33f88 Adds OSSA-2017-004 (CVE-2017-2673) 
Change-Id: I8c1166125c7c1e206eefbe518be7bff3376c055c
Closes-Bug: #1677723
 2017-04-25 15:22:35 +00:00
Tristan Cacqueray d9fb681d40 Adds OSSA-2017-003 (CVE-2017-7400) 
Change-Id: Iead38e4f72cfe54102612a07a4001862cb5fd32c
Closes-Bug: #1667086
 2017-04-04 07:11:04 +00:00
Jeremy Stanley c54ed705df OSSA-2017-002 (CVE-2017-7214) 
Nova logs sensitive context from notification exceptions

Change-Id: Iec1deae6bbe7fc73045c2abf9b3d44bafa86acc0
Closes-Bug: #1673569
 2017-03-22 23:53:51 +00:00
Jeremy Stanley 0b074f5c16 OSSA-2017-001 (CVE-2017-2592) 
CatchErrors leaks sensitive values in oslo.middleware

Change-Id: I2a85e96f457e58cc7f2160d733bdc7b1fe8de3df
Closes-Bug: #1628031
 2017-01-26 14:55:39 +00:00
Tristan Cacqueray a8ca0d0e3e Adds OSSA-2016-013 (CVE-2016-9185) 
Related-Bug: 1606500
Change-Id: I252bb88c12db7c6130864fa64a5e73d02439799d
 2016-11-04 08:27:46 +00:00
Jeremy Stanley 5cfb949aef Adds OSSA-2016-012 (CVE-2015-5162) 
Change-Id: I9a85f50f0183d9303ebb73376801ae36917c71e1
Signed-off-by: Jeremy Stanley <fungi@yuggoth.org>
 2016-10-06 18:50:56 +00:00
Tristan Cacqueray a6b9eb105e Adds OSSA-2016-011 (CVE-2016-7498) 
Change-Id: Icf9d11beb1dd5a08269522e009937b7c9672d8f8
 2016-09-22 00:06:30 +00:00
Tristan Cacqueray d155fe8c1a Adds OSSA-2016-010 (CVE-2016-4428) 
Change-Id: I682d36be196502568c64e8f2142d4555cdc1b0be
Related-Bug: #1567673
 2016-06-15 11:11:15 -04:00
Tristan Cacqueray 756540a726 Adds OSSA 2016-009 (CVE-2016-5362, CVE-2016-5363 and CVE-2015-8914) 
Change-Id: Iad029108209fc631da286c777e8485106cea7f53
Related-Bug: #1502933
Related-Bug: #1558658
 2016-06-13 04:04:49 -04:00
Morgan Fainberg c6db6d9d4a Adds OSSA 2016-008 (CVE-2016-4911) 
Change-Id: I35ae3174ce88363c1a2b0b3f8c5beb0a3054d928
Related-Bug: #1577558
 2016-05-24 08:14:40 -07:00
Tristan Cacqueray ffcfc1a6fc Updates OSSA 2016-007 with ERRATA#2 
Change-Id: Icbf47637ac9d5afa17afb0656d8374b4bf2562fb
Related-Bug: #1558697
 2016-03-29 16:39:52 -04:00