Adds OSSA-2015-014

Change-Id: Id7375c307425e478fadbd97cee17ed8b5983acaa
This commit is contained in:
Tristan Cacqueray 2015-08-13 11:02:50 -04:00
parent 655615e7f0
commit 9827d0e4bc
1 changed files with 48 additions and 0 deletions

48
ossa/OSSA-2015-014.yaml Normal file
View File

@ -0,0 +1,48 @@
date: 2015-08-13
id: OSSA-2015-014
title: 'Glance v2 API host file disclosure through qcow2 backing file'
description: 'Eric Harney from Red Hat reported a vulnerability in Glance. By
importing a qcow2 image with a malicious backing file, an
authenticated user may mislead Glance import task action, resulting
in the disclosure of any file on the Glance server for which the
Glance process user has access to. Only setups using the Glance V2
API are affected by this flaw.'
affected-products:
- product: glance
version: 2015.1 versions through 2015.1.1
vulnerabilities:
- cve-id: CVE-2015-5163
reporters:
- name: 'Eric Harney'
affiliation: Red Hat
reported:
- CVE-2015-5163
issues:
links:
- https://launchpad.net/bugs/1471912
type: launchpad
reviews:
liberty:
- https://review.openstack.org/212567
kilo:
- https://review.openstack.org/212568
type: gerrit
notes:
- 'This fix will be included in the future 2015.1.2 (kilo) release.'