[Openstack] [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457)
Thierry Carrez
thierry at openstack.org
Tue Oct 2 20:01:50 UTC 2012
andi abes wrote:
> is the plan going forward to announce these on friday afternoons?
We generally release embargoed issues only on Tue-Thu.
In this precise case, the fixes have been long committed and released,
but they were never brought to the Vulnerability Management Team
attention, which resulted in the lack of a published advisory. In this
case we thought the sooner we issue an advisory would be the better.
Regards,
--
Thierry Carrez (ttx)
Vulnerability Management Team hat on
More information about the Openstack
mailing list