-
Committer:
Chuck Short
-
Date:
2012-01-17 14:22:37 UTC
-
Revision ID:
zulcss@ubuntu.com-20120117142237-oibsyydg5fwk5iy6
* SECURITY UPDATE: fix tenant bypass by authenticated users via OpenStack
API (LP: #904072)
- CVE-2012-0030
* SECURITY UPDATE: fix directory traversal during image registration via
EC2 API and S3/RegisterImage
- fix-traversal-via-image-register.patch: adjust nova/image/s3.py to
use basename instead of absolute path
- CVE-2011-XXXX
* SECURITY UPDATE: fix information leak via invalid key
debina/patches/security-fix-lp868360.patch: adjust nova/auth/manager.py
to not return access, secret or admin fields for User error and
project_manager_id, description and member_ids for Project
- LP: #868360
- CVE-2011-XXXX