CVEs related to bugs in openstack-ansible

Open bugs

There are no CVEs related to bugs open in openstack-ansible.

Resolved bugs

Bug CVE(s)
Bug #1400881: Cannot rebuild a VM created from a Cinder volume backed by NetApp CVE-2015-3241
openstack-ansible Fix released, assigned to David
Bug #1400966: [OSSA-2014-041] Glance allows users to download and delete any file in glance-api server (CVE-2014-9493) CVE-2014-9493
openstack-ansible Fix released, assigned to Ian Cordasco
Bug #1437054: Default container user's password is hardcoded CVE-2015-2777
openstack-ansible Fix released, assigned to Kevin Carter
Bug #1454677: Qemu version pin vulnerable to VENOM CVE-2015-3456
openstack-ansible Invalid (unassigned)
Bug #1466216: Upgrade to ansible 1.9.2 when released CVE-2015-3908
openstack-ansible Fix released, assigned to Tom Cameron
Bug #1466982: RabbitMQ default user's password isn't changed CVE-2015-4708
openstack-ansible Fix released, assigned to Kevin Carter
Bug #1484766: Incorporate glance CVE-2015-5163 fix CVE-2015-5163
openstack-ansible Fix released, assigned to Nolan Brubaker
Bug #1488315: The python-requests package is pulled in by apt via dependency CVE-2015-3241
openstack-ansible Invalid (unassigned)
Bug #1489947: heat config generation fails CVE-2015-3241
openstack-ansible Fix released, assigned to Kevin Carter
Bug #1699539: Ansible prior 2.2.3 is vulnerable with CVE-2017-7466, CVE-2017-7473, CVE-2017-7481 CVE-2017-7481
openstack-ansible Invalid (unassigned)
Bug #1755063: [CVE-2018-1000115] memcached: restrict to TCP CVE-2018-1000115
openstack-ansible Fix released, assigned to zhongshengping