[Yahoo-eng-team] [Bug 1703369] Re: get_identity_providers policy should be singular

2018-04-25 Thread Luke Hinds
Sounds right Mircea, but it won't be a security issue this time, as it's in docs / unit tests, rather than code that could be used in production. Still needs a bug raised in horizon though, and well spotted. ** Changed in: ossn Status: Confirmed => Fix Released -- You received this bug

[Yahoo-eng-team] [Bug 1721063] Re: vulnerability in dnsmasq

2017-10-12 Thread Luke Hinds
** Changed in: ossn Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1721063 Title: vulnerability in dnsmasq Status in neutron: Won't Fix

[Yahoo-eng-team] [Bug 1668503] Re: sha512_crypt is insufficient, use pbkdf2_sha512 for password hashing

2017-09-17 Thread Luke Hinds
** Changed in: ossn Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1668503 Title: sha512_crypt is insufficient, use

[Yahoo-eng-team] [Bug 1686743] Re: Ceph credentials included in logs using older libvirt/qemu

2017-07-27 Thread Luke Hinds
** Changed in: ossn Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1686743 Title: Ceph credentials included in logs using older

[Yahoo-eng-team] [Bug 1618615] Re: Potential information disclosure in EC2 "credentials"

2017-07-13 Thread Luke Hinds
will add a docs bug for this issue. ** Changed in: ossn Status: New => Won't Fix -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1618615 Title: Potential

[Yahoo-eng-team] [Bug 1673085] Re: scheduler hints are unbounded and never deleted

2017-04-04 Thread Luke Hinds
** Changed in: ossn Status: New => Won't Fix -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1673085 Title: scheduler hints are unbounded and never deleted

[Yahoo-eng-team] [Bug 1649248] Re: Glance image upload wizard does not restrict invalid image files

2017-03-16 Thread Luke Hinds
After discussing this in the OSSP meeting, I will mark this as won't fix for the OSSN, as we have already covered the recommended actions in several previous OSSNs. There is also a good amount of info in the security guide around protecting endpoints and access controls available for glance.

[Yahoo-eng-team] [Bug 1606495] Re: copy_from in api v1 allows network port scan

2017-03-16 Thread Luke Hinds
** Changed in: ossn Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1606495 Title: copy_from in api v1 allows network port scan Status in

[Yahoo-eng-team] [Bug 1585831] Re: Horizon dashboard leaks internal information through cookies

2016-09-08 Thread Luke Hinds
OSSN released: https://wiki.openstack.org/wiki/OSSN/OSSN-0073 ** Changed in: ossn Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).

[Yahoo-eng-team] [Bug 1534652] Re: Host machine exposed to tenant networks via IPv6

2016-09-08 Thread Luke Hinds
** Changed in: ossn Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1534652 Title: Host machine exposed to tenant networks via IPv6 Status in