Matt: Thanks for asking this. I forwarded this email to the new email list so that folks with better knowledge can answer this.
Thanks and have a great day. Yours, Michael ----------------------------------------------------------------------------- Michael Xin | Manager, Security Engineering - US Product Security |Rackspace Hosting Office #: 501-7341 or 210-312-7341 Mobile #: 210-284-8674 5000 Walzem Road, San Antonio, Tx 78218 ---------------------------------------------------------------------------- Experience fanatical support From: Matt Fischer <m...@mattfischer.com<mailto:m...@mattfischer.com>> Date: Monday, April 11, 2016 at 9:19 AM To: "openstack-secur...@lists.openstack.org<mailto:openstack-secur...@lists.openstack.org>" <openstack-secur...@lists.openstack.org<mailto:openstack-secur...@lists.openstack.org>> Subject: [Openstack-security] abandoned OSSNs? Some folks from our security team here asked me to ensure them that our services were patched for all the OSSNs that are listed here: https://wiki.openstack.org/wiki/Security_Notes Most of these are straight-forward, but there are some OSSNs that have been allocated an ID but then abandoned. There is no detailed wiki page and my best google efforts lead me to a possible IRC mention and maybe an abandoned review. The two specifically are OSSN-50/51. So what am I to do with an "abandoned" OSSN? Has it been decided that there is no issue anymore? These are pretty old if I look at the dates framing the other OSSNs (49/52), so I assume they aren't urgent. Can we ignore these? They sound somewhat scary, for example, "keystonemiddleware can allow access after token revocation" but I have no means to say whether it affects us or how we can mitigate without more info. Thoughts?
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
