oss-sec mailing list archives
Re: Re: [Openstack-announce] [OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413)
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 12 Sep 2012 11:21:54 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/12/2012 11:07 AM, Matt Joyce wrote:
This is not a repeat of cve-2012-3426?
Quite different: CVE-2012-3426 OpenStack-Keystone: token expiration issues https://bugzilla.redhat.com/show_bug.cgi?id=843311 CVE-2012-4413 OpenStack-Keystone: role revocation token issues https://bugzilla.redhat.com/show_bug.cgi?id=855491 - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBAgAGBQJQUMSyAAoJEBYNRVNeJnmTtXkP/RrHCL0aOigaKrV4X/giNR3q KbUcbRl2evec6d5mNryQjOT+lAQK96DHApTCvjvVNFZ/ubFKn22A5ld761IAnsbV QE72PqM6UxriZFFujgW0RXRpjmmtTwcw0tjDb5xZh6PaVg41RJxMzjMNV8DmGLoi 1Gg6YyQabD8RkkYxlCqSw2Msfo2a+Zh3VZRzM1HmZwyY69dwIdW6YfCyH+owfUgL rAjDpfX5sAc3rpEwfDrstV86UzdwI9bPDa9U2nuOM07/BP7FX+3DCi8R36hZq4ey caVermEytfVWiiLfARz0KC7O/KhTSmEKaVplLAdxNK716HstCjZTsFf72LchwnHP AG0gyu1em00wTAuR/oDXjOinwtnk14wKc4pZZa5g7TeCgG9N9KTyrXqEEuDPjdB7 3gTWmhflKSQLzBkrhZ1AdurkFJolFLiYfIvfw4VlZjluYbHOkJkXhxLw6CHNLcOf QSzD+S5n6Glb16r5eHoBNdUk3bvdlm3B7eaIHWfnsnRFMuFegpnp5sEBqdtgd8nC KOD3U4KQI6BAtq3HI6YnsK8QuJC5PBLeT1nZmvmdD0S4v/wMQ8hLf7rPfm8xhtmZ 6r6gKoPMgGDss/2dZWpX8upWt5X9IxBUimRc2ItKQZdII6s+iGclVixq7JqqEI30 31C8uRBQ6pO6zCVXrU/q =RgK0 -----END PGP SIGNATURE-----
Current thread:
- [OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413) Thierry Carrez (Sep 12)
- Re: [Openstack-announce] [OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413) Matt Joyce (Sep 12)
- Re: Re: [Openstack-announce] [OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413) Kurt Seifried (Sep 12)
- Re: [Openstack] [Openstack-announce] [OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413) Russell Bryant (Sep 12)
- Re: [Openstack] [OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413) Soren Hansen (Sep 12)
- Re: [Openstack] [OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413) Dolph Mathews (Sep 12)
- Re: [Openstack-announce] [OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413) Matt Joyce (Sep 12)