This is regarding CVE-2017-1000433 which has a base score of 6.8 and a very low impact:
https://nvd.nist.gov/vuln/detail/CVE-2017-1000433
Red Hat has decided not to fix this:
https://access.redhat.com/security/cve/cve-2017-1000433
Although the affected code is present in shipped packages, python-pysaml2 is included only as a dependency of other packages. The affected code cannot be reached in any supported configuration of Red Hat OpenStack Platform.
This is regarding CVE-2017-1000433 which has a base score of 6.8 and a very low impact:
https:/ /nvd.nist. gov/vuln/ detail/ CVE-2017- 1000433
Red Hat has decided not to fix this:
https:/ /access. redhat. com/security/ cve/cve- 2017-1000433
Although the affected code is present in shipped packages, python-pysaml2 is included only as a dependency of other packages. The affected code cannot be reached in any supported configuration of Red Hat OpenStack Platform.