Errata 1 for OSSA-2021-002
Change-Id: Iaeb40574176ae62542a0c17e94917e654d38317d Closes-Bug: #1927677
This commit is contained in:
Jeremy Stanley
parent
b27c2be28f
commit
51a1bf0699
|
|
@ -15,9 +15,15 @@ description: >
|
|||
to divulge credentials or other sensitive data. All Nova deployments with
|
||||
novncproxy enabled are affected.
|
||||
|
||||
errata: >
|
||||
The initial fix did not take into account the possibility of bypass using
|
||||
exactly three slashes. This update provides a more thorough revised fix for
|
||||
the issue. The affected versions list has been updated to indicate versions
|
||||
expected to include the newer solution.
|
||||
|
||||
affected-products:
|
||||
- product: Nova
|
||||
version: '<21.2.3, >=22.0.0 <22.2.3, >=23.0.0 <23.0.2'
|
||||
version: '<21.2.3, >=22.0.0 <22.2.3, >=23.0.0 <23.0.3'
|
||||
|
||||
vulnerabilities:
|
||||
- cve-id: CVE-2021-3654
|
||||
|
|
@ -44,19 +50,28 @@ issues:
|
|||
reviews:
|
||||
xena:
|
||||
- https://review.opendev.org/791297
|
||||
- https://review.opendev.org/805654 (errata 1)
|
||||
|
||||
wallaby:
|
||||
- https://review.opendev.org/791577
|
||||
- https://review.opendev.org/805818 (errata 1)
|
||||
|
||||
victoria:
|
||||
- https://review.opendev.org/791805
|
||||
- https://review.opendev.org/806626 (errata 1)
|
||||
|
||||
ussuri:
|
||||
- https://review.opendev.org/791806
|
||||
- https://review.opendev.org/806628 (errata 1)
|
||||
|
||||
train:
|
||||
- https://review.opendev.org/791807
|
||||
- https://review.opendev.org/806629 (errata 1)
|
||||
|
||||
notes:
|
||||
- The stable/train branch is under extended maintenance and will receive no
|
||||
new point releases, but a patch for it is provided as a courtesy.
|
||||
|
||||
errata_history:
|
||||
- 2021-09-27 - Errata 1
|
||||
- 2021-07-29 - Original Version
|
||||
|
|
|
|||
Loading…
Reference in New Issue