OpenStack Object Storage (swift)

  1. Bug #1430645
  2. Comment #41

Comment 41 for bug 1430645

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to swift (stable/icehouse)

Reviewed: https://review.openstack.org/173366
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=f6525758ab2456d688430699338993439597a789
Submitter: Jenkins
Branch: stable/icehouse

commit f6525758ab2456d688430699338993439597a789
Author: Alistair Coles <email address hidden>
Date: Fri Apr 3 18:46:20 2015 +0100

    Prevent unauthorized delete in versioned container

    An authenticated user can delete the most recent version of any
    versioned object who's name is known if the user has listing access
    to the x-versions-location container. Only Swift setups with
    allow_version setting are affected.

    This patch closes this bug, tracked as CVE-2015-1856.

    Co-Authored-By: Clay Gerrard <email address hidden>
    Co-Authored-By: Christian Schwede <email address hidden>
    Co-Authored-By: Alistair Coles <email address hidden>

    Closes-Bug: 1430645

    Change-Id: Icde494a9a2c851034813cbc3855a20335b643f09