[openstack-dev] [openstack-announce] [OSSA 2013-018] Missing SSL certificate check in Python glance client (CVE-2013-4111)

Thierry Carrez thierry at openstack.org
Fri Aug 9 08:28:52 UTC 2013


Lloyd Dewolf wrote:
> On Tue, Jul 30, 2013 at 7:17 AM, Thierry Carrez <thierry at openstack.org> wrote:
>> OpenStack Security Advisory: 2013-018
>> CVE: CVE-2013-4111
>> [...]
>> python-glanceclient fix (will be included in a future release):
>> https://review.openstack.org/#/c/33464/
> 
> Is there a release with this fix at this time?
> 
> https://pypi.python.org/pypi/python-glanceclient/ lists the most
> recent version 0.9.0 as uploaded 2013-04-03.
> 
> My understanding was that there was consensus around cutting releases
> of clients on OSSA.

Yes there is, and I've been asking for a new python-glanceclient cut to
address this... My wishes have just been granted:

See 0.10.0 at https://pypi.python.org/pypi/python-glanceclient/

Cheers,

-- 
Thierry Carrez (ttx)



More information about the OpenStack-dev mailing list