Add release notes for security fixes in 13.0.0 mitaka GA

There are three security issues fixed in mitaka. The first two were documented for liberty 12.0.1 but we apparently forgot to doc them for mitaka. Related-Bug: #1524274 Related-Bug: #1516765 Related-Bug: #1548450 Change-Id: I3eba75f1fc86c4c9abd258042dfafc6df1f2405c
2016-03-10 09:35:00 -05:00 · 2016-03-10 09:35:00 -05:00 · 9c0bbda07f
commit 9c0bbda07f
parent 027be87591
1 changed files with 17 additions and 0 deletions
--- a/releasenotes/notes/13.0.0-cve-bugs-fe43ef267a82f304.yaml
+++ b/releasenotes/notes/13.0.0-cve-bugs-fe43ef267a82f304.yaml
@ -0,0 +1,17 @@
+---
+security:
+  - |
+    [OSSA 2016-001] Nova host data leak through snapshot (CVE-2015-7548)
+
+    * `Bug 1524274 <https://bugs.launchpad.net/nova/+bug/1524274>`_
+    * `Announcement <http://lists.openstack.org/pipermail/openstack-announce/2016-January/000911.html>`__
+
+    [OSSA 2016-002] Xen connection password leak in logs via StorageError (CVE-2015-8749)
+
+    * `Bug 1516765 <https://bugs.launchpad.net/nova/+bug/1516765>`_
+    * `Announcement <http://lists.openstack.org/pipermail/openstack-announce/2016-January/000916.html>`__
+
+    [OSSA 2016-007] Host data leak during resize/migrate for raw-backed instances  (CVE-2016-2140)
+
+    * `Bug 1548450 <https://bugs.launchpad.net/nova/+bug/1548450>`_
+    * `Announcement <http://lists.openstack.org/pipermail/openstack-announce/2016-March/001009.html>`__