OpenStack Compute (nova)

Bug #1325128
Activity log

Activity log for bug #1325128

Date	Who	What changed	Old value	New value	Message
2014-05-30 23:36:17	Alex Gaynor	bug			added bug
2014-05-31 00:29:36	Tristan Cacqueray	bug task added		ossa
2014-05-31 00:29:44	Tristan Cacqueray	ossa: status	New	Incomplete
2014-05-31 00:31:08	Tristan Cacqueray	bug			added subscriber Nova Core security contacts
2014-06-09 15:11:50	Jeremy Stanley	bug			added subscriber Nathan Kinder
2014-06-09 15:12:44	Jeremy Stanley	bug			added subscriber Malini Bhandaru
2014-06-09 15:14:24	Jeremy Stanley	bug			added subscriber Robert Clark
2014-06-10 13:50:40	Andrew Laski	bug			added subscriber Russell Bryant
2014-06-10 14:29:52	Russell Bryant	attachment added		0001-Avoid-possible-timing-attack-in-metadata-api.patch https://bugs.launchpad.net/nova/+bug/1325128/+attachment/4128977/+files/0001-Avoid-possible-timing-attack-in-metadata-api.patch
2014-06-16 14:28:01	Thierry Carrez	ossa: status	Incomplete	Confirmed
2014-06-17 01:00:01	Grant Murphy	ossa: assignee		Grant Murphy (gmurphy)
2014-06-23 14:19:48	Thierry Carrez	ossa: importance	Undecided	Medium
2014-06-23 14:23:47	Thierry Carrez	nova: status	New	In Progress
2014-06-24 04:57:43	Grant Murphy	cve linked		2014-3517
2014-06-24 04:57:57	Grant Murphy	summary	nova metadata does not use a constant time compare for validating an HMAC token	nova metadata does not use a constant time compare for validating an HMAC token (CVE-2014-3517)
2014-06-30 14:17:57	Thierry Carrez	ossa: status	Confirmed	In Progress
2014-07-08 06:52:28	Grant Murphy	attachment added		master-0001-Avoid-possible-timing-attack-in-metadata-api.patch https://bugs.launchpad.net/ossa/+bug/1325128/+attachment/4147846/+files/master-0001-Avoid-possible-timing-attack-in-metadata-api.patch
2014-07-08 06:53:06	Grant Murphy	attachment added		icehouse-0001-Avoid-possible-timing-attack-in-metadata-api.patch https://bugs.launchpad.net/ossa/+bug/1325128/+attachment/4147848/+files/icehouse-0001-Avoid-possible-timing-attack-in-metadata-api.patch
2014-07-08 06:53:26	Grant Murphy	attachment added		havana-0001-Avoid-possible-timing-attack-in-metadata-api.patch https://bugs.launchpad.net/ossa/+bug/1325128/+attachment/4147849/+files/havana-0001-Avoid-possible-timing-attack-in-metadata-api.patch
2014-07-09 03:07:38	Grant Murphy	nova: importance	Undecided	High
2014-07-14 14:21:24	Thierry Carrez	ossa: status	In Progress	Fix Committed
2014-07-16 14:38:48	Grant Murphy	information type	Private Security	Public
2014-07-16 15:55:23	OpenStack Infra	nova: assignee		Grant Murphy (gmurphy)
2014-07-17 09:13:20	OpenStack Infra	nova: status	In Progress	Fix Committed
2014-07-17 13:13:19	Tristan Cacqueray	summary	nova metadata does not use a constant time compare for validating an HMAC token (CVE-2014-3517)	[OSSA 2014-024] nova metadata does not use a constant time compare for validating an HMAC token (CVE-2014-3517)
2014-07-23 14:53:55	Russell Bryant	nova: status	Fix Committed	Fix Released
2014-07-23 14:53:55	Russell Bryant	nova: milestone		juno-2
2014-07-23 23:37:02	OpenStack Infra	tags		in-stable-havana
2014-07-24 00:09:28	OpenStack Infra	tags	in-stable-havana	in-stable-havana in-stable-icehouse
2014-07-28 14:51:27	Thierry Carrez	ossa: status	Fix Committed	Fix Released
2014-08-07 12:38:31	Chuck Short	nominated for series		nova/icehouse
2014-08-07 12:38:31	Chuck Short	bug task added		nova/icehouse
2014-08-07 12:38:42	Chuck Short	nova/icehouse: status	New	Fix Committed
2014-08-07 12:38:45	Chuck Short	nova/icehouse: milestone		2014.1.2
2014-08-07 16:55:04	Chuck Short	nova/icehouse: status	Fix Committed	Fix Released
2014-09-22 13:09:09	Alan Pevec	nominated for series		nova/havana
2014-09-22 13:09:10	Alan Pevec	bug task added		nova/havana
2014-09-22 17:29:56	Alan Pevec	nova/havana: status	New	Fix Committed
2014-09-22 17:29:56	Alan Pevec	nova/havana: milestone		2013.2.4
2014-09-22 22:23:38	Alan Pevec	nova/havana: status	Fix Committed	Fix Released
2014-10-16 08:37:30	Thierry Carrez	nova: milestone	juno-2	2014.2