Adds OSSA-2015-014

Change-Id: Id7375c307425e478fadbd97cee17ed8b5983acaa
2015-08-13 11:02:50 -04:00 · 2015-08-13 11:02:50 -04:00 · 9827d0e4bc
commit 9827d0e4bc
parent 655615e7f0
1 changed files with 48 additions and 0 deletions
--- a/ossa/OSSA-2015-014.yaml
+++ b/ossa/OSSA-2015-014.yaml
@ -0,0 +1,48 @@
+date: 2015-08-13
+
+id: OSSA-2015-014
+
+title: 'Glance v2 API host file disclosure through qcow2 backing file'
+
+description: 'Eric Harney from Red Hat reported a vulnerability in Glance. By
+    importing a qcow2 image with a malicious backing file, an
+    authenticated user may mislead Glance import task action, resulting
+    in the disclosure of any file on the Glance server for which the
+    Glance process user has access to. Only setups using the Glance V2
+    API are affected by this flaw.'
+
+affected-products:
+
+  - product: glance
+    version: 2015.1 versions through 2015.1.1
+
+vulnerabilities:
+
+  - cve-id: CVE-2015-5163
+
+reporters:
+
+  - name: 'Eric Harney'
+    affiliation: Red Hat
+    reported:
+      - CVE-2015-5163
+
+issues:
+
+  links:
+    - https://launchpad.net/bugs/1471912
+
+  type: launchpad
+
+reviews:
+
+  liberty:
+    - https://review.openstack.org/212567
+
+  kilo:
+    - https://review.openstack.org/212568
+
+  type: gerrit
+
+notes:
+  - 'This fix will be included in the future 2015.1.2 (kilo) release.'