Comment 19 for bug 1325128
Revision history for this message
| John Garbutt (johngarbutt) wrote Re: nova metadata does not use a constant time compare for validating an HMAC token (CVE-2014-3517) | #19 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
67d34a1
(Get the code!)
I am +2 on russell's patch (assuming it passes gate tests, etc), as it seems to do the right thing, as far as I can tell from that article.
I would love to get someone to have time to do a manual test of that patch, but I think it makes sense.