[ubuntu-cloud-archive/juno-proposed] cinder (Accepted)
James Page
james.page at ubuntu.com
Thu Aug 6 09:42:00 UTC 2015
cinder (1:2014.2.3-0ubuntu1.1~cloud0) trusty-juno; urgency=medium
.
* SECURITY UPDATE: arbitrary file read via crafted qcow2 backing file
- debian/patches/CVE-2015-1851.patch: disallow backing files in
cinder/image/image_utils.py, added test to
cinder/tests/test_image_utils.py.
- CVE-2015-1851
Date: Thu, 06 Aug 2015 09:11:31 +0100
Changed-By: James Page <james.page at ubuntu.com>
Signed-By: James Page <james.page at ubuntu.com>
Published-By: James Page <james.page at ubuntu.com>
More information about the Cloud-archive-changes
mailing list