Comment 24 for bug 1628031
Revision history for this message
| Jeremy Stanley (fungi) wrote Re: keystonemiddleware logs token in stacktrace (CVE-2017-2592) | #24 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
Divya: Yes, a CVE was requested in private from our CNA yesterday shortly following Joshua's review of the proposed patch, and I updated the bug title earlier today once I received it. Next step is to propose a coordinated disclosure date and then send a pre-OSSA to our downstream stakeholders providing them with advance copies of the impact description and patch.