On 09/25/2014 05:34 AM, Luciano Bello wrote:
> Package: python-keystoneclient
> Severity: important
> Tags: security upstream patch fixed-upstream
> 
> Hi there,
>     the following vulnerabilities were published for python-keystoneclient:
> 
> CVE-2014-7144: TLS cert verification option not honored in paste configs
> 
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> http://seclists.org/oss-sec/2014/q3/620
> https://review.openstack.org/#/c/113191/
> 
> Please adjust the affected versions in the BTS as needed. Can you please
> confirm to the security-team if the stable version is affected?
> 
> Regards, luciano

Hi Luciano,

You've sent the same bug report twice, using the same CVE, but for both
keystonemiddleware and keystoneclient. Is this intentional?

CVE-2014-7144 is about keystonemiddleware. Stable isn't affected (it
doesn't contain keystonemiddleware). Though if there's another CVE which
I'm not (yet) aware of on keystoneclient, then this would have to be
checked.

Cheers,

Thomas Goirand (zigo)

