On Tue, Jul 30, 2013 at 7:17 AM, Thierry Carrez <[email protected]> wrote:
>
> OpenStack Security Advisory: 2013-018
> CVE: CVE-2013-4111
> Date: July 30, 2013
> Title: Missing SSL certificate check in Python glance client
> Reporter: Thomas Leaman (HP)
> Products: python-glanceclient
> Affects: All versions
>
> Description:
> Thomas Leaman from HP reported that the Python Glance client was
> failing to properly check certificates during the establishment of
> HTTPS connections. A remote attacker with access over segments of the
> network between client and server could potentially set up a
> man-in-the-middle attack and access the contents of the Glance client
> request (or response).
>
> python-glanceclient fix (will be included in a future release):
> https://review.openstack.org/#/c/33464/

Is there a release with this fix at this time? https://pypi.python.org/pypi/python-glanceclient/ lists the most recent version 0.9.0 as uploaded 2013-04-03.

My understanding was that there was consensus around cutting releases of clients on OSSA.

Thank you,
Lloyd
--
@lloyddewolf
_______________________________________________
OpenStack-dev mailing list
[email protected]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
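
As an added illustration of the class of flaw the quoted advisory describes (this is not code from the thread or from python-glanceclient, and it uses Python's standard `ssl` module rather than the client's own HTTPS code), the example below audits a client TLS context for the two checks an HTTPS client needs: chain verification and hostname matching. The function names are hypothetical.

```python
import ssl


def audit_client_context(ctx):
    """Return findings for settings that leave an HTTPS client open to interception."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the server hostname")
    return findings


def weak_context():
    # Constructed "before" case: a client context that accepts any certificate.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode can be lowered
    ctx.verify_mode = ssl.CERT_NONE  # no chain validation at all
    return ctx


def chain_only_context():
    # Constructed partial case: the chain is validated, but any valid
    # certificate is accepted regardless of which host it was issued to.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    return ctx


def strict_context(cafile=None):
    # create_default_context() enables CERT_REQUIRED and hostname checking;
    # cafile optionally pins a private CA bundle (assumed path supplied by caller).
    return ssl.create_default_context(cafile=cafile)


if __name__ == "__main__":
    cases = (("weak", weak_context()),
             ("chain-only", chain_only_context()),
             ("strict", strict_context()))
    for name, ctx in cases:
        print(name, audit_client_context(ctx) or "ok")
```
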
