[security] Security SIG Newsletter - Oct 31st 2019

Gage Hugo gagehugo at gmail.com
Thu Oct 31 15:40:42 UTC 2019


Hello everyone,

Due to a hectic October, this newsletter will have the updates for the
month.  The SIG meetings for the 07th, 21st, and 28th in November will be
cancelled as well due to Summit/PTG & Holidays.

Have a Happy Halloween!

#Date: 31 Oct 2019

   - Security SIG Meeting Info:
   http://eavesdrop.openstack.org/#Security_SIG_meeting


   - Weekly on Thursday at 1500 UTC in #openstack-meeting


   - Agenda: https://etherpad.openstack.org/p/security-agenda


   - https://security.openstack.org/


   - https://wiki.openstack.org/wiki/Security-SIG


#Meeting Notes (October)

   - fungi volunteers to be nova spec liaison for ussuri image encryption
   spec in nova:
   http://eavesdrop.openstack.org/meetings/image_encryption/2019/image_encryption.2019-10-21-13.00.log.html


   - The Security SIG won't be meeting on the following dates in November
   due to the Summit/PTG & Holidays


   - Nov 07th, Nov 21st, Nov 28th


#VMT Reports

   - A full list of publicly marked security issues can be found here:
   https://bugs.launchpad.net/ossa/


   - OSSA-2019-005 was released this month:
   https://security.openstack.org/ossa/OSSA-2019-005.html


   - ceph backend, secret key leak:
   https://bugs.launchpad.net/cinder/+bug/1849624


   - CSV Injection Possible in Compute Usage History:
   https://bugs.launchpad.net/horizon/+bug/1842749
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20191031/1d546069/attachment.html>


More information about the openstack-discuss mailing list