From a8ca0d0e3eaa5a67ea1b9406e6fa274edaff4d84 Mon Sep 17 00:00:00 2001
From: Tristan Cacqueray
Date: Fri, 4 Nov 2016 08:27:21 +0000
Subject: [PATCH] Adds OSSA-2016-013 (CVE-2016-9185)

Related-Bug: 1606500
Change-Id: I252bb88c12db7c6130864fa64a5e73d02439799d
---
ossa/OSSA-2016-013.yaml | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 ossa/OSSA-2016-013.yaml

diff --git a/ossa/OSSA-2016-013.yaml b/ossa/OSSA-2016-013.yaml
new file mode 100644
index 0000000..cc0fe14
--- /dev/null
+++ b/ossa/OSSA-2016-013.yaml
@@ -0,0 +1,38 @@
+date: 2016-11-04
+
+id: OSSA-2016-013
+
+title: Network information disclosure through Heat template source URL
+
+description: >
+ Tom Patzig from SAP reported a vulnerability in Heat. By launching a new
+ Heat stack with a local URL an authenticated user may conduct network
+ discovery revealing internal network configuration. All Heat setup are
+ affected.
+
+affected-products:
+ - product: heat
+ version: "<=5.0.3, >=6.0.0 <=6.1.0 and ==7.0.0"
+
+vulnerabilities:
+ - cve-id: CVE-2016-9185
+
+reporters:
+ - name: Tom Patzig
+ affiliation: SAP
+ reported:
+ - CVE-2015-9185
+
+issues:
+ links:
+ - https://launchpad.net/bugs/1606500
+
+reviews:
+ ocata:
+ - https://review.openstack.org/393146
+ newton:
+ - https://review.openstack.org/393147
+ mitaka:
+ - https://review.openstack.org/393148
+ liberty:
+ - https://review.openstack.org/393149
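Review bot: The `reported` list under `reporters` credits `CVE-2015-9185`, but `vulnerabilities` and the commit subject both give `CVE-2016-9185`. The year looks like a typo, and the entry should read `- CVE-2016-9185`. Anything that matches the reporter credit to the vulnerability by CVE id, or that a reader follows from the published advisory, would otherwise land on a different identifier. Separately, the description ends with "All Heat setup are affected", which reads better as `All Heat setups are affected.`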