@Kurt: Since it's not OpenStack-specific, I think it would be more appropriate for the original researchers (Grant and Dhiru) to post to oss-security (unless it's done already ?) We should probably wait for that before we make this bug public.
@Kurt: Since it's not OpenStack-specific, I think it would be more appropriate for the original researchers (Grant and Dhiru) to post to oss-security (unless it's done already ?) We should probably wait for that before we make this bug public.