[Openstack-security] [OSSG] DRAFT: Security Note: Keystone Resource Exhaustion without HTTP POST limiting

Kurt Seifried kseifried at redhat.com
Thu Apr 18 05:37:56 UTC 2013


On 04/17/2013 09:38 PM, Clark, Robert Graham wrote:
> I agree with you. I'm not currently responsible for how OpenStack
> handles issues and whether they're considered as 'vulnerabilities'
> though the OSSG will be assisting with that process in the near
> future.
> 
> There's discussion of the issue here: 
> https://bugs.launchpad.net/keystone/+bug/1098177 I believe the
> request for us to cut an OSN in response to this was due to the fact
> that it doesn't affect Grizzly and most people who would have a
> vulnerable attack surface (web facing etc) would already be running
> Keystone behind Nginx, WAFs, LBs etc.
> 
> I can hold the draft while you create a CVE and we can reference
> that in the released OSN, you should probably approach the VMT
> about the CVE or comment on the bug perhaps?
> 
> -Rob

I've emailed the OpenStack VMT to confirm handling this.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
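The thread above points out that deployments exposed to the web are typically already protected because Keystone sits behind Nginx, a WAF or a load balancer that caps request bodies. As an added illustration of that mitigation (this is an example written for this page, not a configuration from the thread, from the OSSG or from the Keystone project), the following Nginx reverse-proxy fragment rejects oversized POST bodies and slow clients before they reach Keystone. The hostname, the 1 MiB cap, the timeouts and the upstream address 127.0.0.1:5001 are all assumptions for the example; the public listening port 5000 is Keystone's usual default.

```nginx
# Added example, not from the thread or the Keystone project.
# Assumptions: Keystone itself has been rebound to 127.0.0.1:5001 so that
# only this proxy is reachable on the public port 5000; the 1m cap and the
# 10s timeouts are illustrative values to tune per deployment.
server {
    listen 5000;
    server_name keystone.example.com;   # hypothetical name

    # Bodies larger than 1 MiB get a 413 from Nginx and never reach Keystone,
    # which is the "HTTP POST limiting" the draft note's title refers to.
    client_max_body_size 1m;

    # Do not let a client hold a connection open while trickling a body or
    # headers indefinitely.
    client_body_timeout 10s;
    client_header_timeout 10s;

    location / {
        proxy_pass http://127.0.0.1:5001;   # hypothetical Keystone upstream
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

To confirm the cap is in effect, send a request whose body exceeds the limit to the proxy port and check that the response status is 413 and that nothing for that request appears in Keystone's own access log; a request under the limit should be proxied through as before.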
