[Openstack-security] [Bug 1240382] Re: python-oauth2 dependency is unmaintained and has security issues

Philippe Makowski pmakowski at espelida.com
Sat Jan 4 13:30:44 UTC 2014


Hi Matthieu,

since in Mageia we also , as in Debian testing, removed  python-oauth2,
if you have any visible WIP, please tell me where I can look at. May be
I can help, even if my keystone knowledge is weak today. It could be an
opportunity to learn.

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1240382

Title:
  python-oauth2 dependency is unmaintained and has security issues

Status in OpenStack Identity (Keystone):
  Confirmed

Bug description:
  oauth2 is not maintained and have 2 CVE issues CVE-2013-4346 and CVE-2013-4347 and is not Python3 compatible
  can you remove this dependency (maybe switching to requests ? )

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1240382/+subscriptions




More information about the Openstack-security mailing list