Bugzilla – Bug 861481
VUL-1: CVE-2014-0040: openstack-heat-templates: use of HTTP to download signing keys/code
Last modified: 2016-04-27 19:28:58 UTC
Grant Murphy found several problems within the openstack/heat-templates project. * yum repositories that make connections via http (should be https) CVE-2014-0040 was assigned to this issue. External reference: https://bugs.launchpad.net/heat-templates/+bug/1267635 https://github.com/openstack/heat-templates/ https://bugzilla.redhat.com/show_bug.cgi?id=1059514
bugbot adjusting priority
Added to C:O:H:S
*** Bug 861482 has been marked as a duplicate of this bug. ***
*** Bug 861483 has been marked as a duplicate of this bug. ***
did we release a fix for htis for cloud 3?
I don't know. if we did, there should be the following reference in the changes file: + Secure private repo files added to environment (bnc#861481, CVE-2014-0040, bnc#861482, CVE-2014-0041, bnc#861483, CVE-2014-0042)
since we dont update cloud 3 anymore, and it is in cloud 4 and cloud, i will close it.