[PKG-Openstack-devel] Bug#749026: Bug#749026: Bug#749026: keystone: CVE-2014-0204: nproper role assignments to users
Salvatore Bonaccorso
carnil at debian.org
Fri May 23 08:31:31 UTC 2014
Hi Thomas,
On Fri, May 23, 2014 at 03:50:47PM +0800, Thomas Goirand wrote:
[...]
> FYI, Essex (eg: what's in Wheezy) isn't affected. Also, the current
> backport to Icehouse (eg: 2014.1) is still under review:
>
> https://review.openstack.org/#/c/94397/
>
> I prefer to wait until the review process is finished. As I understand,
> the regression is: a userid containing a ',' can't log in.
>
> Do you think, like I do, that I should lower the severity of this bug
> and let 2014.1-3 migrate to testing?
Yes, I think it is fine to lower the severity of this bug to important.
Regards,
Salvatore
More information about the Openstack-devel
mailing list