oss-sec mailing list archives
Re: Re: [Openstack] [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457)
From: Russell Bryant <rbryant () redhat com>
Date: Sat, 29 Sep 2012 13:28:35 -0400
On 09/29/2012 02:18 AM, Kurt Seifried wrote:
> On 09/28/2012 05:56 PM, andi abes wrote:
>> is the plan going forward to announce these on friday afternoons?
>
> I can't speak for OpenStack but the history of these vulns is that
> they have been public since May 2012 and April 2012, but were not
> labelled as security, they were noticed, CVEs were assigned and I
> think the idea was to notify people quickly since they have a
> significant impact and have been around for a while.

Correct. Normally, we only announce on Tuesday through Thursday. In the case of the two announced yesterday (Friday), these were issues fixed a good while ago in the open so we were just now catching up and labeling them properly.

Thanks,

--
Russell Bryant