Re: [Openstack] [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457)

2012-10-02 Thread Thierry Carrez
andi abes wrote:
> Is the plan going forward to announce these on Friday afternoons?

We generally release embargoed issues only on Tue-Thu. In this precise case, the fixes have been long committed and released, but they were never brought to the Vulnerability Management Team's attention, which

[Openstack] [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457)

2012-09-28 Thread Russell Bryant
OpenStack Security Advisory: 2012-016
CVE: CVE-2012-4457
Date: September 28, 2012
Title: Token authorization for a user in a disabled tenant is allowed
Impact: High
Reporter: Rohit Karajgi (NTT Data)
Affects: Essex (prior to 2012.1.2), Folsom (prior to folsom-3 development milestone)
Description:

Re: [Openstack] [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457)

2012-09-28 Thread andi abes
Is the plan going forward to announce these on Friday afternoons?

On Fri, Sep 28, 2012 at 4:50 PM, Russell Bryant rbry...@redhat.com wrote:
> OpenStack Security Advisory: 2012-016
> CVE: CVE-2012-4457
> Date: September 28, 2012
> Title: Token authorization for a user in a disabled tenant is allowed