[Secure-testing-commits] r58038 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Nov 26 20:16:30 UTC 2017
Author: carnil
Date: 2017-11-26 20:16:30 +0000 (Sun, 26 Nov 2017)
New Revision: 58038
Modified:
data/CVE/list
Log:
Update information for CVE-2017-15114/tripleo-heat-templates
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-26 20:15:20 UTC (rev 58037)
+++ data/CVE/list 2017-11-26 20:16:30 UTC (rev 58038)
@@ -5312,10 +5312,13 @@
NOTE: https://git.kernel.org/linus/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 (v4.14-rc6)
CVE-2017-15114 [Passwordless access for non-libvirt related services when using shared certificate authority]
RESERVED
- - tripleo-heat-templates <undetermined>
+ - tripleo-heat-templates <not-affected> (Vulnerability introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1510015
- NOTE: https://review.openstack.org/#/c/519015/
- TODO: check, possibly not yet having se_tls_for_live_migration
+ NOTE: Bug: https://bugs.launchpad.net/tripleo/+bug/1730370
+ NOTE: TLS libvirt live migration disabled in: https://review.openstack.org/#/c/519015/
+ NOTE: TLS libvirt live migration introduced in: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=fa740c5e49994ffdd3a5aa1f43a0305c8e5a0b3a
+ NOTE: Re-enabled libvirt TLS with SASL auth:
+ NOTE: https://bugs.launchpad.net/tripleo/+bug/1732479
CVE-2017-15113
RESERVED
NOT-FOR-US: ovirt-engine
More information about the Secure-testing-commits
mailing list