Add security fixes to the release notes for 12.0.1

There are two security fixes in the upcoming stable/liberty point release (12.0.1) so we should document those in the release notes. This shouldn't be merged until I11485f077d28f4e97529a691e55e3e3c0bea8872 is merged. We don't use Depends-On here since we don't want to hold this up on the stable/kilo backport of that change. Change-Id: Ib2235d6aee540d9010dc86c73aff71179d46e921 Related-Bug: #1516765 Related-Bug: #1524274
2016-01-13 09:41:57 -08:00 · 2016-01-13 09:41:57 -08:00 · b2acc9fa86
parent 8e741e3b25
commit b2acc9fa86
1 changed files with 14 additions and 0 deletions
--- a/releasenotes/notes/12.0.1-cve-bugs-7b04b2e34a3e9a70.yaml
+++ b/releasenotes/notes/12.0.1-cve-bugs-7b04b2e34a3e9a70.yaml
@ -0,0 +1,14 @@
+---
+prelude: |
+  The 12.0.1 release contains fixes for two security issues.
+security:
+  - |
+    [OSSA 2016-001] Nova host data leak through snapshot (CVE-2015-7548)
+
+    * `Bug 1524274 <https://bugs.launchpad.net/nova/+bug/1524274>`_
+    * `Announcement <http://lists.openstack.org/pipermail/openstack-announce/2016-January/000911.html>`_
+
+    [OSSA 2016-002] Xen connection password leak in logs via StorageError (CVE-2015-8749)
+
+    * `Bug 1516765 <https://bugs.launchpad.net/nova/+bug/1516765>`_
+    * `Announcement <http://lists.openstack.org/pipermail/openstack-announce/2016-January/000916.html>`_