[Openstack-security] [openstack/python-keystoneclient] SecurityImpact review request change Iff063149e1f12df69bbf9015222d09d798980872
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Wed Aug 27 23:07:19 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/117371
Log:
commit 495eec908e919e8809c8b3ea601c2708792ee7a5
Author: Brant Knudson <bknudson at us.ibm.com>
Date: Wed Aug 27 17:50:19 2014 -0500
Change cms_sign_data to use sha256 message digest
cms_sign_data was not passing the md parameter to openssl, so it was
using the default digest of sha1. Some security standards require a
SHA2 algorithm for the digest.
This if for security hardening.
SecurityImpact
Change-Id: Iff063149e1f12df69bbf9015222d09d798980872
Closes-Bug: #1362343
More information about the Openstack-security
mailing list