[Openstack-security] [openstack/python-keystoneclient] SecurityImpact review request change Iff063149e1f12df69bbf9015222d09d798980872
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Wed Sep 24 16:01:28 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/117371
Log:
commit 84c9ccaed34d83b7e97a4890561b1b218d99b1ba
Author: Brant Knudson <bknudson at us.ibm.com>
Date: Wed Aug 27 17:50:19 2014 -0500
Change cms_sign_data to use sha256 message digest
cms_sign_data was not passing the md parameter to openssl, so it was
using the default digest of sha1. Some security standards require a
SHA2 algorithm for the digest.
This if for security hardening.
SecurityImpact
Change-Id: Iff063149e1f12df69bbf9015222d09d798980872
Closes-Bug: #1362343
More information about the Openstack-security
mailing list