[Openstack-security] [Bug 1511541] Re: Possible incomplete fix for OSSA-2015-005

Grant Murphy grant.murphy at hp.com
Mon Mar 7 15:09:02 UTC 2016 

Removed the OSSA task and marking invalid.

** Changed in: ossa
       Status: Incomplete => Invalid

** No longer affects: ossa

** Changed in: nova
       Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1511541

Title:
  Possible incomplete fix for OSSA-2015-005

Status in OpenStack Compute (nova):
  Invalid

Bug description:
  Multiple reports that the fix for [OSSA 2015-005] Websocket Hijacking
  Vulnerability in Nova VNC Server (CVE-2015-0259) is incomplete.

  https://bugs.launchpad.net/nova/+bug/1409142/comments/146
  https://bugs.launchpad.net/nova/+bug/1409142/comments/149

  Further investigation is needed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1511541/+subscriptions

More information about the Openstack-security mailing list