Comment 22 for bug 1411063
Revision history for this message
| Jeremy Stanley (fungi) wrote Re: S3token incorrect condition expression for ssl_insecure (CVE-2015-1852) | #22 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0f7b58d
(Get the code!)
On rereading the impact description, I think for clarity we should have something more like:
... When the 'insecure' option is set in a S3Token paste configuration file its value is effectively ignored. Note that it's unusual to explicitly add this option and then set it to false, so the impact of this bug is thought to be limited. ...