Date: Mon, 22 Sep 2014 02:15:48 -0400 (EDT)
From: cve-assign@...re.org
To: gmurphy@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request for vulnerability in OpenStack keystonemiddleware

> http://launchpad.net/bugs/1353315

> Products: keystonemiddleware, python-keystoneclient
> Versions: versions up to 1.1.1 (keystonemiddleware), versions up to 0.10.1
> (python-keystoneclient)

> When the 'insecure' SSL option is set in a paste configuration file it
> is effectively ignored

> The scenario where a deployer specifically sets:
> 
>   ssl_insecure = false
> 
> ... in an attempt to ensure that verification is performed will be
> sorely disappointed

Use CVE-2014-7144.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
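
One way a setting such as `insecure = false` can end up ignored, shown as an added example that is not part of the original post and not the project's code. It assumes the paste value reaches the middleware as a string and is tested for truthiness; the function names and the sample file are constructed for illustration.

```python
# Added illustration; function names are hypothetical, not keystonemiddleware's API.
import configparser

# Constructed paste-style configuration: every value is read as a string.
SAMPLE_INI = """
[filter:authtoken]
insecure = false
"""

TRUE_STRINGS = {"1", "t", "true", "on", "y", "yes"}
FALSE_STRINGS = {"0", "f", "false", "off", "n", "no"}


def load_option(ini_text, section, name):
    """Return the raw option value as a string-only config loader sees it."""
    parser = configparser.ConfigParser()
    parser.read_string(ini_text)
    return parser.get(section, name, fallback=None)


def verify_flawed(raw):
    """Flawed pattern: truthiness of the raw string decides whether to verify.

    Any non-empty string, including "false", is truthy, so verification is off.
    """
    insecure = bool(raw)
    return not insecure


def verify_strict(raw):
    """Hardened pattern: parse the string explicitly and fail closed on junk."""
    if raw is None:
        return True  # option absent: verify certificates
    value = raw.strip().lower()
    if value in TRUE_STRINGS:
        return False  # deployer explicitly asked for insecure mode
    if value in FALSE_STRINGS:
        return True
    raise ValueError("unrecognised boolean for 'insecure': %r" % raw)


def audit(ini_text, section="filter:authtoken", name="insecure"):
    """Return (raw value, flawed verify decision, strict verify decision)."""
    raw = load_option(ini_text, section, name)
    return raw, verify_flawed(raw), verify_strict(raw)


if __name__ == "__main__":
    print(audit(SAMPLE_INI))
```

A configuration check built on the strict parser also catches typos such as `insecure = flase`, which the truthiness test would silently treat as "skip verification".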
