Comment 3 for bug 1671842

Thanks for reporting this! Unfortunately private security bugs for DIB were still under control of the TripleO team until I fixed that just now, so I didn't know about this report until you E-mailed the openstack-dev mailing list about it today. I'll see to it that this gets the attention of some DIB developers as soon as possible, but given your public mention on the ML list I'm going ahead and switching this to public security now so that concerned users of the software can at least take mitigating steps like correcting filesystem permissions or removing those files entirely from their images/servers.