OpenStack Security Advisory: 2014-005 CVE: CVE-2013-6396 Date: February 17, 2014 Title: Missing SSL certificate check in Python Swift client Reporter: Thomas Leaman (HP) Products: python-swiftclient Versions: 1.0 version up to 1.9.0
python-swiftclient fix (included in 2.0 release): https://review.openstack.org/#/c/69187
I understand why the fix is specific to the 2.x branch (https://bugs.launchpad.net/python-swiftclient/+bug/1199783/comments/21) but does anyone know how compatible this version of python-swiftclient is with Grizzly? In particular, both Glance and Horizon from Grizzly strictly specify python-swiftclient>=1.2,<2 but I know in Havana and later the upper-bound was removed. _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
