[Openstack] [OSSA 2014-005] Missing SSL certificate check in Python Swift client (CVE-2013-6396)

david.comay at oracle.com david.comay at oracle.com
Fri Feb 28 18:52:34 UTC 2014


> OpenStack Security Advisory: 2014-005
> CVE: CVE-2013-6396
> Date: February 17, 2014
> Title: Missing SSL certificate check in Python Swift client
> Reporter: Thomas Leaman (HP)
> Products: python-swiftclient
> Versions: 1.0 version up to 1.9.0

> python-swiftclient fix (included in 2.0 release):
> https://review.openstack.org/#/c/69187

I understand why the fix is specific to the 2.x branch
(https://bugs.launchpad.net/python-swiftclient/+bug/1199783/comments/21)
but does anyone know how compatible this version of python-swiftclient
is with Grizzly?  In particular, both Glance and Horizon from Grizzly
strictly specify python-swiftclient>=1.2,<2 but I know in Havana and
later the upper-bound was removed.



