Comment 36 for bug 1282865
Revision history for this message
| Tristan Cacqueray (tristan-cacqueray) wrote Re: Keystone middleware may confuse contexts (CVE-2014-0105) | #36 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
My tests[1] found those services using auth_token without "thread" patched:
* Havana:
glance-registry ({'socket': True, 'time': True})
* Icehouse
ceilometer-api ({'socket': True})
swift
Nova in master is also vulnerable when "--remote_debug" switches are used: "# turn off thread patching to enable the remote debugger"
[1]: http://