[Openstack-security] [OSSG] DRAFT: Security Note: Keystone Resource Exhaustion without HTTP POST limiting

Kurt Seifried kseifried at redhat.com
Fri Apr 26 08:08:04 UTC 2013


On 04/23/2013 02:37 AM, Thierry Carrez wrote:
> Kurt Seifried wrote:
>> So if it's ok with you guys I'd like to make sure that all 
>> OpenStack security issues get CVE's assigned regardless of
>> whether or not they are going to be fixed in code (e.g. addressed
>> with a security note, maybe a config change, a documentation
>> change, whatever).
> 
> Makes sense to me.

Ok assigned a CVE for the keystone header issue, and another thing in
Launchpad and left some queries on other bugs but now I can't find
them (launch pad search... grrr).

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993