Understandable query. This is an Security Note, an OSSN. Official OpenStack advisories come in the form of OSSAs. The vulnerability management team has decided this is a security issue worth noting but not a direct vulnerability so we were requested to draft this OSSN. The CVE has been cut and included in the OSSN. Sorry if I haven't explained very well, it's pretty late here. Here's some links you might find handy: https://wiki.openstack.org/wiki/Vulnerability_Management https://wiki.openstack.org/wiki/Security https://launchpad.net/~openstack-ossg https://launchpad.net/ossn Cheers -Rob On 09/08/2013 22:30, "Chmouel Boudjnah" <launchpad at chmouel.com> wrote: >I am not sure how the process works for cve, but should we wait for >the fix being merged first? > >Chmouel > >On Fri, Aug 9, 2013 at 10:30 PM, Clark, Robert Graham ><robert.clark at hp.com> wrote: >> Added the CVE information to >>https://bugs.launchpad.net/ossn/+bug/1179955 >> - any objections to this getting published?