Bug 1349666

Summary: CVE-2016-4972 python-muranoclient: openstack-murano: RCE via usage of insecure YAML tags [openstack-rdo]
Product: [Community] RDO Reporter: Summer Long <slong>
Component: distributionAssignee: Lars Kellogg-Stedman <lars>
Status: CLOSED ERRATA QA Contact: Shai Revivo <srevivo>
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: aortega, apevec, ayoung, chris.brown, chrisw, cvsbot-xmlrpc, gmollett, jschluet, kbasil, lhh, lpeer, markmc, rbryant, sclewis, srevivo, tdecacqu
Target Milestone: ---Keywords: Security, SecurityTracking
Target Release: trunk   
Hardware: All   
OS: Linux   
Whiteboard: component:python-muranoclient
Fixed In Version: Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-06-18 07:52:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1344232    

Description Summer Long 2016-06-23 23:19:49 UTC 
This as an RDO Project security tracking bug against python-muranoclient. It was created
to ensure that one or more security vulnerabilities are fixed.

For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.

[bug automatically created by: add-tracking-bugs]
Comment 1 Christopher Brown 2017-06-18 07:52:41 UTC 
Fixed in RDO Liberty and Mitaka which are now EOL anyway.