[Openstack-devel] Bug#732033: heat: CVE-2013-6428 and CVE-2013-6426
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 12 18:17:41 UTC 2013
Package: heat
Version: 2013.2-4
Severity: grave
Tags: security upstream
Hi,
the following vulnerabilities were published for heat, the first one
being a privilege escalation.
Only checked against havana (and this should be the first one
supporting heat).
CVE-2013-6428[0]:
Heat ReST API doesn't respect tenant scoping
CVE-2013-6426[1]:
Heat CFN policy rules not all enforced
The upstream bug reports at launchpad also contain patches for havana.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6428
http://security-tracker.debian.org/tracker/CVE-2013-6428
https://launchpad.net/bugs/1256983
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6426
http://security-tracker.debian.org/tracker/CVE-2013-6426
https://launchpad.net/bugs/1256049
Regards,
Salvatore