From 1e03c88750db3cfdd01a59c6084b624b22c78c72 Mon Sep 17 00:00:00 2001
From: Tristan Cacqueray
Date: Thu, 28 Jan 2016 12:24:15 -0500
Subject: [PATCH] Adds OSSA-2016-005 (CVE-2015-7546)

This change also remove issues 'type' which isn't used and can't be extended to support other type such as OSSN.

Change-Id: I037c8e808466bbdceac38d6cf10a3f98703ad99f
Related-Bug: #1490804
---
 doc/source/vmt-process.rst | 2 --
 ossa/OSSA-2016-005.yaml | 59 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+), 2 deletions(-)
 create mode 100644 ossa/OSSA-2016-005.yaml

diff --git a/doc/source/vmt-process.rst b/doc/source/vmt-process.rst
index a72a464..291321b 100644
--- a/doc/source/vmt-process.rst
+++ b/doc/source/vmt-process.rst
@@ -465,8 +465,6 @@ project using this template:: links: - https://launchpad.net/bugs/$BUG - type: launchpad - reviews: kilo:
diff --git a/ossa/OSSA-2016-005.yaml b/ossa/OSSA-2016-005.yaml
new file mode 100644
index 0000000..83536b4
--- /dev/null
+++ b/ossa/OSSA-2016-005.yaml
@@ -0,0 +1,59 @@
+date: 2016-01-29
+
+id: OSSA-2016-005
+
+title: 'Potential reuse of revoked Identity tokens'
+
+description: 'Liu Sheng reported a vulnerability in Keystone. By manipulating a token
+  content, an authenticated user may prevent its revocation. This can allow
+  unauthorized access to cloud resources if a revoked token is
+  intercepted by an attacker. Only keystone setups using PKI or PKIZ token
+  are affected'
+
+affected-products:
+
+  - product: keystone
+    version: "<= 2015.1.2, >= 8.0.0 <= 8.0.1"
+
+  - product: keystonemiddleware
+    version: ">= 1.5.0 <= 1.5.3, >= 1.6.0 <= 2.3.2"
+
+vulnerabilities:
+
+  - cve-id: CVE-2015-7546
+
+reporters:
+
+  - name: 'Liu Sheng'
+    affiliation: Huawei
+    reported:
+      - CVE-2015-7546
+
+issues:
+
+  links:
+    - https://bugs.launchpad.net/bugs/1490804
+    - https://wiki.openstack.org/wiki/OSSN/OSSN-0062
+
+reviews:
+
+  mitaka:
+    - https://review.openstack.org/258141 (keystone)
+    - https://review.openstack.org/258143 (keystonemiddleware)
+
+  liberty:
+    - https://review.openstack.org/266022 (keystone)
+    - https://review.openstack.org/265988 (keystonemiddleware)
+
+  kilo:
+    - https://review.openstack.org/266045 (keystone)
+    - https://review.openstack.org/266607 (keystonemiddleware)
+
+  type: gerrit
+
+notes:
+  - 'The keystone fix is included in 2015.1.3 (Kilo) and will be included in a future
+    8.0.2 (Liberty) releases.'
+  - 'The keystonemiddleware fix will be included in future 1.5.4 (Kilo) and 2.3.3
+    (Liberty) releases.'
+  - 'Both keystone and keystonemiddleware needs to be updated'
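Review bot: The `reviews` entries bake the product name into the URL scalar (`https://review.openstack.org/258141 (keystone)`), so any consumer that renders these lists as hyperlinks will produce a target ending in ` (keystone)`; the template's link entries elsewhere in this commit are bare URLs, so the annotation is better kept out of the value, e.g. `- https://review.openstack.org/258141  # keystone`. `date: 2016-01-29` is an unquoted scalar that YAML 1.1 loaders such as PyYAML turn into a date object rather than a string, which is fine only if the site generator expects that type — presumably it matches the other advisories, but worth confirming. The `type: gerrit` key under `reviews` is kept while the commit drops the `type: launchpad` key under `issues` as unused and unextendable; if the same reasoning applies to review types it could go in the same change. In the advisory text, `Only keystone setups using PKI or PKIZ token are affected` lacks its terminal period and the last note's `needs to be updated` should read `need to be updated`.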