A backport for the first bug is now in review:

https://bugs.launchpad.net/ossa/+bug/1348820

master https://review.openstack.org/#/c/109747/ (merged)

stable/icehouse https://review.openstack.org/#/c/111772/

But at the moment, we're actually still working to land complete fixes for the second two in master.

https://bugs.launchpad.net/ossa/+bug/1349597

master https://review.openstack.org/#/c/109820/ (gating at this moment; this also should have been Closes-Bug)

https://bugs.launchpad.net/ossa/+bug/1347961
master https://review.openstack.org/#/c/111106/ (gating at this moment)

On Mon, Aug 4, 2014 at 9:57 AM, Thierry Carrez <thierry@openstack.org> wrote:

Hi,

This is me with my Vulnerability Management team hat on.

We have a number of security issues in keystone where the patch landed
on master and just needs an icehouse backport:

https://bugs.launchpad.net/ossa/+bug/1348820
https://bugs.launchpad.net/ossa/+bug/1349597
https://bugs.launchpad.net/ossa/+bug/1347961

It might be worth including those security fixes in 2014.1.2 (rather
than land them a few days after)...

We are working on getting backports proposed for those.

Cheers,

--
Thierry Carrez (ttx)

_______________________________________________
Openstack-stable-maint mailing list
Openstack-stable-maint@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-stable-maint