[Openstack-security] [OSSG] DRAFT: Security Note: Keystone Resource Exhaustion without HTTP POST limiting
Kurt Seifried
kseifried at redhat.com
Tue Apr 23 17:35:05 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/23/2013 06:47 AM, Christopher Ricker (chricker) wrote:
> On 4/23/13 2:33 AM, "Kurt Seifried" <kseifried at redhat.com> wrote:
>>
>> So if it's ok with you guys I'd like to make sure that all
>> OpenStack security issues get CVE's assigned regardless of
>> whether or not they are going to be fixed in code (e.g. addressed
>> with a security note, maybe a config change, a documentation
>> change, whatever).
>
> Request seconded -- this will be helpful for the various down
> streams packaging OpenStack
Can you or anyone else go through the previous security related issues
and post the ones needing a CVE? I've been meaning to do this for
weeks but keep getting hit with other things. Thanks.
- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
iQIcBAEBAgAGBQJRdsZJAAoJEBYNRVNeJnmTBrsQALDO7fBiv2oM7S7IeAfe2Ts9
f07N20gdygmlGEHbBi3tupq1FRdb3WWw4ooFDrkYo2FtEQeUIj39tPXmJe3dBS96
qHW6lSFFkdC4FPKhqGPuDDQl1q3R051Mjpf/sa1JF453YDF/ukuLnwv9/Q9ZLn6c
CJWAIPKLrpZyOMk0uBpYO7NQlwAqeOdTVN57OO4BTqerW0Kq58M5bNBE7cK2t75h
yvwKPrw1w6k6zuWTF48NHDowC3dG+FuodW4oUr+jJErR5nIddTx+H6BY89EWxOe5
ev4PPBFYd4y9JuZvmhBxn2rzQRNunTbSUoH9SmpByZQoWb/q6S4fhIY5QaXhuJ7M
Z8NRDGvX0UvITUH8AHAK8d23wsYGNVRJ+Zf6ujBJ8sO03k4pHwgNsqYsfbrhYkw3
m1z6BnPpDWOsyOrXph5ssrIQcrKiBNCgYCVJxJ99KdnlD3klXBXIC6rvFvRcPWUh
DkjdLjyt26B32mi+AhdQYnGgE57uTNhJj6VdsVyZK0GVDbAGeOWGxc48oEc3DN59
gFp9t2srzk7YP7eCBQxqsm8gUP/i73P8P2mXQXZqNt5VFK7rO3mLomYnt4uwl/zn
8SngwE8Mwd+tZPf4QJYO6RIhDXLMqA7Yj0jDde1TWPb39EdBjlbGSfOSScrDAkDr
UieTNCx23n0HHK9/LqUF
=McM+
-----END PGP SIGNATURE-----
More information about the Openstack-security
mailing list