[Openstack-security] FW: OpenSSL Heartblead (CVE-2014-0160)
Cody Bunch
cody.bunch at rackspace.com
Wed Apr 9 20:28:11 UTC 2014
If not an OSSN a small faq of sorts as it pertains to OpenStack.
-C
________________________________
From: Clark, Robert Graham [robert.clark at hp.com]
Sent: Wednesday, April 09, 2014 3:24 PM
To: Bryan D. Payne; Thierry Carrez; Nathan Kinder
Cc: openstack-security at lists.openstack.org
Subject: Re: [Openstack-security] FW: OpenSSL Heartblead (CVE-2014-0160)
I think there may be some value in us creating an OSSN that runs through the issue, it’s coming up a lot on the ML and while I agree with Bryan in principle that it’s not completely within the realm of the OSSN process, there’s value in having one well written summary that people can refer to on the ML and elsewhere rather than having lots of add hock conversations.
Thoughts?
From: Bryan D. Payne [mailto:bdpayne at acm.org]
Sent: 09 April 2014 09:35
To: Thierry Carrez
Cc: openstack-security at lists.openstack.org
Subject: Re: [Openstack-security] FW: OpenSSL Heartblead (CVE-2014-0160)
Should we consider issuing an OSSN describing steps for heartbleed
mitigation in OpenStack deployments ? I know it's not very different
from other affected SSL services, but I've already answered that
question twice on MLs and people are apparently very confused about it
so it looks like something that could use a reference official answer :)
Unless we have something specifically related to OpenStack to add, I'd suggest just pointing people to http://heartbleed.com/.
-bryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20140409/1413b198/attachment.html>
More information about the Openstack-security
mailing list