Candidate: CVE-2016-9185
PublicDate: 2016-11-04 10:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9185
Description:
 In OpenStack Heat, by launching a new Heat stack with a local URL an
 authenticated user may conduct network discovery revealing internal network
 configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ossa/+bug/1606500
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843232
Priority: low
Discovered-by: Tom Patzig
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N [4.3 MEDIUM]

Patches_heat:
 upstream: https://review.openstack.org/#/c/393149/ (liberty)
upstream_heat: released (1:7.0.0-2)
precise_heat: DNE
precise/esm_heat: DNE
trusty_heat: ignored (reached end-of-life)
trusty/esm_heat: DNE (trusty was needed)
vivid/stable-phone-overlay_heat: DNE
vivid/ubuntu-core_heat: DNE
xenial_heat: not-affected (1:6.1.2-0ubuntu1)
esm-infra/xenial_heat: not-affected (1:6.1.2-0ubuntu1)
yakkety_heat: ignored (reached end-of-life)
zesty_heat: not-affected (1:8.0.2-0ubuntu1)
artful_heat: not-affected (1:9.0.0~rc1-0ubuntu2)
bionic_heat: not-affected (1:9.0.0~rc1-0ubuntu2)
cosmic_heat: not-affected (1:9.0.0~rc1-0ubuntu2)
disco_heat: not-affected (1:9.0.0~rc1-0ubuntu2)
devel_heat: not-affected (1:9.0.0~rc1-0ubuntu2)