[Openstack] [OSSA 2014-005] Missing SSL certificate check in Python Swift client (CVE-2013-6396)
Tristan Cacqueray
tristan.cacqueray at enovance.com
Mon Mar 3 17:56:08 UTC 2014
On 02/28/2014 07:52 PM, david.comay at oracle.com wrote:
>> OpenStack Security Advisory: 2014-005
>> CVE: CVE-2013-6396
>> Date: February 17, 2014
>> Title: Missing SSL certificate check in Python Swift client
>> Reporter: Thomas Leaman (HP)
>> Products: python-swiftclient
>> Versions: 1.0 version up to 1.9.0
>
>> python-swiftclient fix (included in 2.0 release):
>> https://review.openstack.org/#/c/69187
>
> I understand why the fix is specific to the 2.x branch
> (https://bugs.launchpad.net/python-swiftclient/+bug/1199783/comments/21)
> but does anyone know how compatible this version of python-swiftclient
> is with Grizzly? In particular, both Glance and Horizon from Grizzly
> strictly specify python-swiftclient>=1.2,<2 but I know in Havana and
> later the upper-bound was removed.
Hi David,
the bump to 2.x included some API changes (in method parameters and CLI
options), and "may" works for grizzly.
For the record, I just tested 2.x branch against grizzly, and basics
commands worked as expected (list, upload, download).
Best regards,
Tristan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 555 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140303/d83db794/attachment.sig>
More information about the Openstack
mailing list