2015-01-15 01:49:26 |
Brant Knudson |
bug |
|
|
added bug |
2015-01-15 01:49:54 |
Brant Knudson |
description |
Remember bug 1353315? The auth_token middleware would set not verify the server cert when insecure=false in api-paste.ini because it passes the value as a string rather than a Boolean. Turns out the s3_token middleware has the same code.
http://git.openstack.org/cgit/openstack/keystonemiddleware/tree/keystonemiddleware/s3_token.py#n119
    insecure = conf.get('insecure', False)
    if insecure:
        self._verify = False
conf is a dict of strings, so if you set insecure=false, then insecure here gets set to "false", which evaluates to True since it's not a zero-length string. |
Remember bug 1353315? The auth_token middleware would not verify the server cert when insecure=false in api-paste.ini because it passes the value as a string rather than a Boolean. Turns out the s3_token middleware has the same code.
http://git.openstack.org/cgit/openstack/keystonemiddleware/tree/keystonemiddleware/s3_token.py#n119
    insecure = conf.get('insecure', False)
    if insecure:
        self._verify = False
conf is a dict of strings, so if you set insecure=false, then insecure here gets set to "false", which evaluates to True since it's not a zero-length string. |
|
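The string-truthiness problem described in the report above, as an added example (not code from keystonemiddleware or from the attached patches): `verify_flag_buggy` mirrors the quoted check, while `parse_bool`, `verify_flag_fixed` and `compare` are hypothetical helpers showing a strict string-to-Boolean conversion. The sample option values are constructed.

```python
# Constructed sample values: paste.deploy passes every option as a string.
TRUE_STRINGS = {"1", "t", "true", "on", "y", "yes"}
FALSE_STRINGS = {"0", "f", "false", "off", "n", "no"}


def verify_flag_buggy(conf):
    """Mirror the check quoted in the report: plain truthiness of a string."""
    verify = True
    insecure = conf.get("insecure", False)
    if insecure:  # "false" is a non-empty string, so this branch is taken
        verify = False
    return verify


def parse_bool(value, default=False):
    """Hypothetical strict parser: reject anything that is not a known token."""
    if isinstance(value, bool):
        return value
    if value is None or str(value).strip() == "":
        return default
    text = str(value).strip().lower()
    if text in TRUE_STRINGS:
        return True
    if text in FALSE_STRINGS:
        return False
    raise ValueError("unrecognised boolean value: %r" % (value,))


def verify_flag_fixed(conf):
    """Disable certificate verification only when the option parses to True."""
    return not parse_bool(conf.get("insecure"), default=False)


def compare(values):
    """Return (raw value, buggy verify, fixed verify) for each sample."""
    rows = []
    for raw in values:
        conf = {} if raw is None else {"insecure": raw}
        rows.append((raw, verify_flag_buggy(conf), verify_flag_fixed(conf)))
    return rows


if __name__ == "__main__":
    for raw, buggy, fixed in compare([None, "false", "False", "0", "true"]):
        print("insecure=%-7r buggy verify=%-5s fixed verify=%s" % (raw, buggy, fixed))
```

A misspelled value such as `flase` raises `ValueError` in the strict parser, so a typo stops the service at load time rather than silently selecting a TLS setting.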
2015-01-23 01:41:11 |
Morgan Fainberg |
keystonemiddleware: status |
New |
Confirmed |
|
2015-01-23 01:41:15 |
Morgan Fainberg |
keystonemiddleware: importance |
Undecided |
Critical |
|
2015-03-12 22:42:30 |
Morgan Fainberg |
bug |
|
|
added subscriber Jamie Lennox |
2015-03-15 22:50:40 |
Jamie Lennox |
keystonemiddleware: assignee |
|
Jamie Lennox (jamielennox) |
|
2015-03-15 22:51:35 |
Jamie Lennox |
attachment added |
|
0001-Convert-s3token-insecure-config-to-boolean.patch https://bugs.launchpad.net/keystonemiddleware/+bug/1411063/+attachment/4346560/+files/0001-Convert-s3token-insecure-config-to-boolean.patch |
|
2015-03-15 22:52:14 |
Jamie Lennox |
bug |
|
|
added subscriber Morgan Fainberg |
2015-03-23 21:03:45 |
Morgan Fainberg |
bug |
|
|
added subscriber OpenStack Vulnerability Management team |
2015-03-23 21:03:53 |
Morgan Fainberg |
bug |
|
|
added subscriber Keystone Drivers |
2015-03-23 21:38:22 |
Grant Murphy |
bug task added |
|
ossa |
|
2015-03-23 21:40:14 |
Grant Murphy |
ossa: status |
New |
Incomplete |
|
2015-03-23 22:41:49 |
Morgan Fainberg |
removed subscriber Keystone Drivers |
|
|
|
2015-03-23 23:23:54 |
Brant Knudson |
attachment added |
|
0001-Fix-s3_token-middleware-parsing-insecure-option.patch https://bugs.launchpad.net/keystonemiddleware/+bug/1411063/+attachment/4353952/+files/0001-Fix-s3_token-middleware-parsing-insecure-option.patch |
|
2015-03-24 19:24:20 |
Morgan Fainberg |
bug |
|
|
added subscriber Keystone Core security contacts |
2015-03-30 14:44:39 |
Thierry Carrez |
ossa: importance |
Undecided |
High |
|
2015-03-30 14:44:39 |
Thierry Carrez |
ossa: status |
Incomplete |
Confirmed |
|
2015-04-01 18:25:33 |
Tristan Cacqueray |
ossa: assignee |
|
Tristan Cacqueray (tristan-cacqueray) |
|
2015-04-01 18:25:37 |
Tristan Cacqueray |
ossa: status |
Confirmed |
Triaged |
|
2015-04-07 19:24:18 |
Tristan Cacqueray |
summary |
S3token incorrect condition expression for ssl_insecure |
S3token incorrect condition expression for ssl_insecure (CVE-2015-1852) |
|
2015-04-07 19:24:23 |
Tristan Cacqueray |
cve linked |
|
2015-1852 |
|
2015-04-07 19:52:01 |
Tristan Cacqueray |
attachment added |
|
cve-2015-1852-master-keystoneclient.patch https://bugs.launchpad.net/ossa/+bug/1411063/+attachment/4368717/+files/cve-2015-1852-master-keystoneclient.patch |
|
2015-04-07 19:55:09 |
Tristan Cacqueray |
attachment removed |
cve-2015-1852-master-keystoneclient.patch https://bugs.launchpad.net/ossa/+bug/1411063/+attachment/4368717/+files/cve-2015-1852-master-keystoneclient.patch |
|
|
2015-04-07 19:56:16 |
Tristan Cacqueray |
attachment added |
|
cve-2015-1852-master-keystoneclient.patch https://bugs.launchpad.net/ossa/+bug/1411063/+attachment/4368729/+files/cve-2015-1852-master-keystoneclient.patch |
|
2015-04-09 15:15:22 |
Tristan Cacqueray |
ossa: status |
Triaged |
Fix Committed |
|
2015-04-10 01:26:10 |
Tristan Cacqueray |
attachment added |
|
cve-2015-1852-stable-juno-keystoneclient.patch https://bugs.launchpad.net/ossa/+bug/1411063/+attachment/4371040/+files/cve-2015-1852-stable-juno-keystoneclient.patch |
|
2015-04-10 01:26:26 |
Tristan Cacqueray |
attachment added |
|
cve-2015-1852-stable-icehouse-keystoneclient.patch https://bugs.launchpad.net/ossa/+bug/1411063/+attachment/4371041/+files/cve-2015-1852-stable-icehouse-keystoneclient.patch |
|
2015-04-10 01:41:25 |
Tristan Cacqueray |
attachment removed |
cve-2015-1852-stable-juno-keystoneclient.patch https://bugs.launchpad.net/ossa/+bug/1411063/+attachment/4371040/+files/cve-2015-1852-stable-juno-keystoneclient.patch |
|
|
2015-04-10 01:41:35 |
Tristan Cacqueray |
attachment removed |
cve-2015-1852-stable-icehouse-keystoneclient.patch https://bugs.launchpad.net/ossa/+bug/1411063/+attachment/4371041/+files/cve-2015-1852-stable-icehouse-keystoneclient.patch |
|
|
2015-04-10 01:43:22 |
Tristan Cacqueray |
attachment added |
|
cve-2015-1852-stable-icehouse-keystoneclient.patch https://bugs.launchpad.net/ossa/+bug/1411063/+attachment/4371053/+files/cve-2015-1852-stable-icehouse-keystoneclient.patch |
|
2015-04-10 01:45:05 |
Tristan Cacqueray |
attachment added |
|
cve-2015-1852-stable-juno-keystoneclient.patch https://bugs.launchpad.net/ossa/+bug/1411063/+attachment/4371054/+files/cve-2015-1852-stable-juno-keystoneclient.patch |
|
2015-04-10 01:51:05 |
Tristan Cacqueray |
attachment added |
|
cve-2015-1852-stable-juno-keystonemiddleware.patch https://bugs.launchpad.net/ossa/+bug/1411063/+attachment/4371055/+files/cve-2015-1852-stable-juno-keystonemiddleware.patch |
|
2015-04-14 14:59:49 |
Tristan Cacqueray |
information type |
Private Security |
Public Security |
|
2015-04-14 15:01:45 |
OpenStack Infra |
keystonemiddleware: status |
Confirmed |
In Progress |
|
2015-04-14 15:01:45 |
OpenStack Infra |
keystonemiddleware: assignee |
Jamie Lennox (jamielennox) |
Tristan Cacqueray (tristan-cacqueray) |
|
2015-04-14 23:25:52 |
OpenStack Infra |
keystonemiddleware: status |
In Progress |
Fix Committed |
|
2015-04-15 19:01:58 |
Fuel Devops McRobotson |
keystonemiddleware: status |
Fix Committed |
In Progress |
|
2015-04-15 20:51:05 |
Boris Bobrov |
keystonemiddleware: status |
In Progress |
Fix Committed |
|
2015-04-20 14:03:39 |
Thierry Carrez |
nominated for series |
|
keystonemiddleware/kilo |
|
2015-04-20 14:03:39 |
Thierry Carrez |
bug task added |
|
keystonemiddleware/kilo |
|
2015-04-20 14:04:30 |
Thierry Carrez |
bug task added |
|
python-keystoneclient |
|
2015-04-20 14:05:04 |
Thierry Carrez |
nominated for series |
|
python-keystoneclient/kilo |
|
2015-04-20 14:05:04 |
Thierry Carrez |
bug task added |
|
python-keystoneclient/kilo |
|
2015-04-20 14:05:25 |
Thierry Carrez |
python-keystoneclient: status |
New |
Fix Committed |
|
2015-04-20 14:05:28 |
Thierry Carrez |
python-keystoneclient/kilo: status |
New |
In Progress |
|
2015-04-20 14:05:30 |
Thierry Carrez |
keystonemiddleware/kilo: status |
New |
In Progress |
|
2015-04-20 22:32:55 |
OpenStack Infra |
keystonemiddleware/kilo: assignee |
|
Brant Knudson (blk-u) |
|
2015-04-24 17:08:48 |
OpenStack Infra |
keystonemiddleware/kilo: status |
In Progress |
Fix Committed |
|
2015-04-24 17:09:36 |
OpenStack Infra |
tags |
|
in-stable-icehouse |
|
2015-04-24 17:17:13 |
OpenStack Infra |
tags |
in-stable-icehouse |
in-stable-icehouse in-stable-juno |
|
2015-04-24 17:20:50 |
Tristan Cacqueray |
summary |
S3token incorrect condition expression for ssl_insecure (CVE-2015-1852) |
[OSSA 2015-007] S3token incorrect condition expression for ssl_insecure (CVE-2015-1852) |
|
2015-04-24 17:20:56 |
Tristan Cacqueray |
ossa: status |
Fix Committed |
Fix Released |
|
2015-04-27 16:22:18 |
Brant Knudson |
python-keystoneclient/kilo: status |
In Progress |
Fix Committed |
|
2015-04-27 16:22:20 |
Morgan Fainberg |
keystonemiddleware/kilo: importance |
Undecided |
Critical |
|
2015-04-27 16:22:24 |
Morgan Fainberg |
keystonemiddleware/kilo: milestone |
|
1.5.1 |
|
2015-04-27 16:22:30 |
Morgan Fainberg |
keystonemiddleware: milestone |
|
1.6.0 |
|
2015-04-27 16:22:31 |
Brant Knudson |
python-keystoneclient/kilo: assignee |
|
Brant Knudson (blk-u) |
|
2015-04-27 16:23:30 |
Brant Knudson |
python-keystoneclient/kilo: milestone |
|
1.3.1 |
|
2015-04-27 16:29:20 |
Morgan Fainberg |
keystonemiddleware/kilo: status |
Fix Committed |
Fix Released |
|
2015-04-27 16:29:26 |
Morgan Fainberg |
python-keystoneclient/kilo: status |
Fix Committed |
Fix Released |
|
2015-04-30 23:42:24 |
Morgan Fainberg |
keystonemiddleware: status |
Fix Committed |
Fix Released |
|
2015-05-21 17:32:04 |
Morgan Fainberg |
python-keystoneclient: milestone |
|
1.4.0 |
|
2015-05-21 17:41:29 |
Morgan Fainberg |
python-keystoneclient: importance |
Undecided |
Critical |
|
2015-05-21 17:41:32 |
Morgan Fainberg |
python-keystoneclient/kilo: importance |
Undecided |
Critical |
|
2015-05-26 22:16:43 |
Morgan Fainberg |
nominated for series |
|
keystonemiddleware/juno |
|
2015-05-26 22:16:43 |
Morgan Fainberg |
bug task added |
|
keystonemiddleware/juno |
|
2015-05-26 22:16:51 |
Morgan Fainberg |
keystonemiddleware/juno: status |
New |
Fix Committed |
|
2015-05-26 22:17:10 |
Morgan Fainberg |
keystonemiddleware/juno: importance |
Undecided |
Critical |
|
2015-05-26 22:17:23 |
Morgan Fainberg |
keystonemiddleware/juno: assignee |
|
Brant Knudson (blk-u) |
|
2015-05-26 22:17:27 |
Morgan Fainberg |
keystonemiddleware/juno: milestone |
|
1.3.2 |
|
2015-05-26 22:22:35 |
Morgan Fainberg |
keystonemiddleware/juno: status |
Fix Committed |
Fix Released |
|
2015-05-28 22:10:33 |
Morgan Fainberg |
python-keystoneclient: status |
Fix Committed |
Fix Released |
|