From cb43ec59595e9875a179008da346852aee42fd41 Mon Sep 17 00:00:00 2001
From: Tristan Cacqueray
Date: Tue, 14 Nov 2017 10:37:44 +0000
Subject: [PATCH] Adds OSSA-2017-005 (CVE-2017-16239)

Change-Id: Ib03875ae5b6ad95ceecf00714704ac9676ef32a7
Related-Bug: #1664931
---
ossa/OSSA-2017-005.yaml | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 ossa/OSSA-2017-005.yaml

diff --git a/ossa/OSSA-2017-005.yaml b/ossa/OSSA-2017-005.yaml
new file mode 100644
index 0000000..78b9b90
--- /dev/null
+++ b/ossa/OSSA-2017-005.yaml
@@ -0,0 +1,39 @@
+date: 2017-11-14
+
+id: OSSA-2017-005
+
+title: Nova Filter Scheduler bypass through rebuild action
+
+description: >
+ George Shuklin from servers.com reported a vulnerability in Nova. By
+ rebuilding an instance, an authenticated user may be able to circumvent the
+ Filter Scheduler bypassing imposed filters (for example, the
+ ImagePropertiesFilter or the IsolatedHostsFilter).
+ All setups using Nova Filter Scheduler are affected.
+
+affected-products:
+ - product: nova
+ version: "<=14.0.9, >=15.0.0 <=15.0.7, >=16.0.0 <=16.0.2"
+
+vulnerabilities:
+ - cve-id: CVE-2017-16239
+
+reporters:
+ - name: George Shuklin
+ affiliation: Servers.com
+ reported:
+ - CVE-2017-16239
+
+issues:
+ links:
+ - https://launchpad.net/bugs/1664931
+
+reviews:
+ queens:
+ - https://review.openstack.org/519662
+ pike:
+ - https://review.openstack.org/519672
+ ocata:
+ - https://review.openstack.org/519681
+ newton:
+ - https://review.openstack.org/519684
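Review bot: The `description` stops at "All setups using Nova Filter Scheduler are affected" and never tells operators what to act on. A closing sentence such as `Deployments that rely on scheduler filters for host or image isolation should apply the fixes listed under reviews.` would make the advisory usable on its own. In the same paragraph, "circumvent the Filter Scheduler bypassing imposed filters" reads ambiguously and wants a comma before "bypassing". Separately, `date: 2017-11-14` is an unquoted scalar that YAML 1.1 loaders return as a date object; if the advisory tooling expects text, write `date: '2017-11-14'`. Indentation is not recoverable in this view, so the nesting under `affected-products`, `reporters` and `reviews` was not checked.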