Comment 38 for bug 1677723

Lance Bragstad (lbragstad) wrote: Re: federated user gets wrong role (CVE-2017-2673)

The patches in comments #29, #30, and #31 check out for me. The only comment I'd make would be to not specifically reference the bug number in a doc string while in a public review system, since we don't have a known workaround available (unless folks change their mappings). I'm not sure how sensitive that is, or what the attack vector is like given the time window of review, but I'll defer to the opinion of others. Otherwise, the code works and the tests are clean and concise. The technical aspects of the patch address the bug.

I approve based on all technical aspects of all proposed patches (#29, #30, #31). Thanks, Boris!