This adds OSSN-0013 addressing an issue with the way Glance property
protections are processed. In some deployments it is possible that a
configuration will allow actions that the administrator had intended
to restrict, unless permissions are defined in a careful order.
Change-Id: Ib149f2559659702f21793c3394bd0791352e18b3
Closes-Bug: #1271426

vulnerability

This adds OSSN-0010, which covers a privilege escalation issue
associated with a sample Keystone v3 policy file.
Change-Id: I3213bbf4b9956b75d733f219660fcefe6a51848d
Related-Bug: #1287219

This adds OSSN-0012, which covers the OpenSSL Heartbleed
vulnerability. This isn't a vulnerability in OpenStack itself, but
OpenStack deployments are likely affected since they would be using
OpenSSL for SSL/TLS.
Change-Id: I2db43e23dc0b090887e937be6188b64e2a0a2ad5

This adds OSSN-0011, which covers an issue related to invalid
security group references in CFN templates being improperly evaluated
by Heat. This results in unintended network access being allowed.
Related-Bug: 1291091
Change-Id: I88ee23aadc74020f150332a619796ebd77ef9698

This adds OSSN-0009, which covers an issue related to the ability
for a user to abuse group operations in Keystone to trigger
revocation of tokens for other users.
Change-Id: Ic59048442a78fd37b4dcb608ee1a468af70fa82d
Related-Bug: #1268751

This adds a .gitreview file to allow one to easily add a gerrit
remote to a newly cloned repo by running 'git review -s'.
Change-Id: I019ec453f3cbcc07c9d51978c7c6bf87baf95f3f

This adds OSSN-0008, which covers an issue related to the ability
for a user to exhaust the resources on a noVNC or SPICE console host
resulting in a DoS condition.

Some popular mail client PGP software will wrap lines at 72
characters. If we send an OSSN out that has longer lines,
the formatting gets messed up. This can make the OSSN hard
to read. This patch modifies the templates to wrap lines at
72 characters so they match the guidelines posted in the OSSN
process pages on the wiki.

Now that we are publishing OSSNs on the wiki, I changed the
templates to include a link to the OSSN on the wiki instead
of duplicating the Launchpad link like we did previously.

This adds all previously published security notes to the repo. I
also provided some helpful documentation in the README and provided
e-mail and wiki format templates to aid in writing new security
notes.