OpenStack Object Storage (swift)

  1. Bug #1430645
  2. Comment #43

Comment 43 for bug 1430645

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to swift (stable/juno)

Reviewed: https://review.openstack.org/173363
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=85afe9316570855c87ea731d0627f6f8f2b73264
Submitter: Jenkins
Branch: stable/juno

commit 85afe9316570855c87ea731d0627f6f8f2b73264
Author: Alistair Coles <email address hidden>
Date: Fri Apr 3 17:05:36 2015 +0100

    Prevent unauthorized delete in versioned container

    An authenticated user can delete the most recent version of any
    versioned object who's name is known if the user has listing access
    to the x-versions-location container. Only Swift setups with
    allow_version setting are affected.

    This patch closes this bug, tracked as CVE-2015-1856.

    Co-Authored-By: Clay Gerrard <email address hidden>
    Co-Authored-By: Christian Schwede <email address hidden>
    Co-Authored-By: Alistair Coles <email address hidden>

    Closes-Bug: 1430645

    Change-Id: I74448c12bc4d4cd07d4300f452cf3dd6f66ca70a