Comment 80 for bug 1415087

I'm going to mark the nova part of this as incomplete since no one has said they know how to demonstrate a vulnerability in nova for this. The CVE for nova is marked as reserved:

https://bugs.launchpad.net/bugs/cve/2015-1850

And the OSSA was released for the cinder CVE:

https://security.openstack.org/ossa/OSSA-2015-011.html

Furthermore, distros like Red Hat have already been posting that this is something to be aware of but does not have a fix and is considered low severity:

https://access.redhat.com/security/cve/CVE-2015-1850

Same with Canonical:

http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1850.html