[ubuntu/vivid-security] cinder 1:2015.1.0-0ubuntu1.1 (Accepted)
Seth Arnold
seth.arnold at canonical.com
Thu Aug 6 02:06:39 UTC 2015
cinder (1:2015.1.0-0ubuntu1.1) vivid-security; urgency=medium
* SECURITY UPDATE: arbitrary file read via crafted qcow2 backing file
- debian/patches/CVE-2015-1851.patch: disallow backing files in
cinder/image/image_utils.py, added test to
cinder/tests/test_image_utils.py.
- CVE-2015-1851
Date: 2015-07-22 15:03:12.606737+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Seth Arnold <seth.arnold at canonical.com>
https://launchpad.net/ubuntu/+source/cinder/1:2015.1.0-0ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Vivid-changes
mailing list