[Openstack] [OSSA 2014-005] Missing SSL certificate check in Python Swift client (CVE-2013-6396)

Sean Dague sean at dague.net
Mon Mar 3 20:23:55 UTC 2014


On 03/03/2014 12:56 PM, Tristan Cacqueray wrote:
> On 02/28/2014 07:52 PM, david.comay at oracle.com wrote:
>>> OpenStack Security Advisory: 2014-005
>>> CVE: CVE-2013-6396
>>> Date: February 17, 2014
>>> Title: Missing SSL certificate check in Python Swift client
>>> Reporter: Thomas Leaman (HP)
>>> Products: python-swiftclient
>>> Versions: 1.0 version up to 1.9.0
>>
>>> python-swiftclient fix (included in 2.0 release):
>>> https://review.openstack.org/#/c/69187
>>
>> I understand why the fix is specific to the 2.x branch
>> (https://bugs.launchpad.net/python-swiftclient/+bug/1199783/comments/21)
>> but does anyone know how compatible this version of python-swiftclient
>> is with Grizzly?  In particular, both Glance and Horizon from Grizzly
>> strictly specify python-swiftclient>=1.2,<2 but I know in Havana and
>> later the upper-bound was removed.
> 
> Hi David,
> 
> The bump to 2.x included some API changes (in method parameters and CLI
> options), and "may" work for grizzly.
> 
> For the record, I just tested the 2.x branch against grizzly, and basic
> commands worked as expected (list, upload, download).
> 
> Best regards,
> Tristan

2.x isn't grizzly compatible, we ran into substantial issues with the
swift cli which made us dump a bunch of the swift tests in the gate to
stop blocking stable/havana code from moving forward.

	-Sean

-- 
Sean Dague
http://dague.net
