aodh (4.0.1-0ubuntu0.17.04.2) zesty-security; urgency=medium
* SECURITY UPDATE: Aodh can be used to launder Keystone trusts
- debian/patches/CVE-2017-12440.patch: don't allow the user to pass in
a trust ID in aodh/api/controllers/v2/alarms.py, update comment in
aodh/notifier/trust.py, aodh/notifier/zaqar.py.
- CVE-2017-12440
-- Marc Deslauriers <email address hidden> Fri, 25 Aug 2017 07:54:45 -0400