[Openstack-security] [Bug 1511541] Re: Possible incomplete fix for OSSA-2015-005

Augustina Ragwitz 1511541 at bugs.launchpad.net
Fri Feb 5 04:26:17 UTC 2016 

** Changed in: nova
       Status: New => Confirmed

** Changed in: nova
       Status: Confirmed => Incomplete

-- 
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1511541

Title:
  Possible incomplete fix for OSSA-2015-005

Status in OpenStack Compute (nova):
  Incomplete
Status in OpenStack Security Advisory:
  Incomplete

Bug description:
  Multiple reports that the fix for [OSSA 2015-005] Websocket Hijacking
  Vulnerability in Nova VNC Server (CVE-2015-0259) is incomplete.

  https://bugs.launchpad.net/nova/+bug/1409142/comments/146
  https://bugs.launchpad.net/nova/+bug/1409142/comments/149

  Further investigation is needed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1511541/+subscriptions

More information about the Openstack-security mailing list