[Openstack-devel] Bug#700240: keystone: CVE-2013-0270: Large HTTP request DoS
Salvatore Bonaccorso
carnil at debian.org
Thu Feb 14 06:07:43 UTC 2013
Hi Thomas
On Thu, Feb 14, 2013 at 12:55:02PM +0800, Thomas Goirand wrote:
> On 02/14/2013 05:36 AM, Salvatore Bonaccorso wrote:
> > Hi Thomas
> >
> > Cc'in the Security Team as they might give better input on this.
> >
> > I have done this as best to my knowledge. I was reporting
> > found/assigned CVE's, but mistakes can happen. E.g. in keystone
> > changelog it's refering to CVE-2013-0247.
> >
> > There are two CVE's so far.
>
> Yes, and I feel sorry for what I wrote. What confused me a lot is that
> both patches are addressing the same problem, so I don't really
> understand. I've asked upstream, I will know soon.
It's okay Thomas ;-). Thank you for keeping working on this! In case I
can help somehow, please let me know. If I find more references and/
or informations I would keep you informed too (but have limited time
coming days).
Regards,
Salvatore
More information about the Openstack-devel
mailing list