oss-sec mailing list archives

Re: [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013)


From: Jeremy Stanley <fungi () yuggoth org>
Date: Mon, 3 Jun 2013 18:24:39 +0000

On 2013-06-03 10:51:19 -0700 (-0700), Lloyd Dewolf wrote:
[...]
> Interestingly, the OSSA 2013-014 notice did include
> "python-keystoneclient fix (will be included in upcoming 0.2.4
> release)".

I'm going to chalk that up to Thierry knowing the version number at
that point, since the OSSA 2013-014 fix is what got tagged with
0.2.4 the next morning. On the other hand the -013 fix was a
lower-priority feature enhancement and I didn't want to rely on a
versioning guess a week ahead. Client releases are handled a bit
more independently compared to OpenStack server components (where we
can predict release milestone dates fairly accurately).

As a general rule I'm going to try to include the release version
numbers in advance when I can do so safely, and otherwise rely on
subsequent release announcements.
-- 
Jeremy Stanley

