[Openstack-security] [Bug 1240382] Re: oauth2 dependency
Thierry Carrez
thierry.carrez+lp at gmail.com
Mon Oct 21 13:31:24 UTC 2013
That would indeed be great.
** Information type changed from Public Security to Public
** Tags added: security
** Summary changed:
- oauth2 dependency
+ oauth2 dependency is unmaintained and has security issues
** Changed in: keystone
Importance: Undecided => High
** Changed in: keystone
Status: New => Confirmed
** Summary changed:
- oauth2 dependency is unmaintained and has security issues
+ python-oauth2 dependency is unmaintained and has security issues
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1240382
Title:
python-oauth2 dependency is unmaintained and has security issues
Status in OpenStack Identity (Keystone):
Confirmed
Bug description:
oauth2 is not maintained and have 2 CVE issues CVE-2013-4346 and CVE-2013-4347 and is not Python3 compatible
can you remove this dependency (maybe switching to requests ? )
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1240382/+subscriptions
More information about the Openstack-security
mailing list