Reviewed: https://review.openstack.org/126592 Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=d5efe6703297761215907eeaf703cec040e6ad25 Submitter: Jenkins Branch: proposed/juno
commit d5efe6703297761215907eeaf703cec040e6ad25 Author: Tristan Cacqueray <tristan.cacque...@enovance.com> Date: Fri Oct 3 19:57:01 2014 +0000 Sync latest processutils from oslo-incubator An earlier commit (Ia92aab76fa83d01c5fbf6f9d31df2463fc26ba5c) failed to address ssh_execute(). This change set addresses ssh_execute. ------------------------------------------------ oslo-incubator head: commit 4990535fb5f3e2dc9b397e1a18c1b5dda94ef1c4 Merge: 9f5c700 2a130bf Author: Jenkins <jenk...@review.openstack.org> Date: Mon Sep 29 23:12:14 2014 +0000 Merge "Script to list unreleased changes in all oslo projects" ----------------------------------------------- The sync pulls in the following changes (newest to oldest): 6a60f842 - Mask passwords in exceptions and error messages (SSH) ----------------------------------------------- Change-Id: Ie0caf32469126dd9feb44867adf27acb6e383958 Closes-Bug: #1377981 (cherry picked from commit 5e4e1f7ea71f9b4c7bd15809c58bc7a1838ed567) ** Changed in: cinder Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1377981 Title: Missing fix for ssh_execute (Exceptions thrown may contain passwords) (CVE-2014-7230, CVE-2014-7231) Status in Cinder: Fix Released Status in Cinder icehouse series: In Progress Status in OpenStack Compute (Nova): Fix Committed Status in OpenStack Compute (nova) icehouse series: New Status in The Oslo library incubator: Fix Released Status in oslo-incubator icehouse series: New Status in OpenStack Security Advisories: In Progress Bug description: Former bugs: https://bugs.launchpad.net/ossa/+bug/1343604 https://bugs.launchpad.net/ossa/+bug/1345233 The ssh_execute method is still affected in Cinder and Nova Icehouse release. It is prone to password leak if: - passwords are used on the command line - execution fail - calling code catch and log the exception The missing fix from oslo-incubator to be merged is: 6a60f84258c2be3391541dbe02e30b8e836f6c22 To manage notifications about this bug go to: https://bugs.launchpad.net/cinder/+bug/1377981/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp