[PKG-Openstack-devel] Bug#762749: [CVE-2014-7144] TLS cert verification option not honored in paste configs
Luciano Bello
luciano at debian.org
Wed Sep 24 21:34:44 UTC 2014
Package: python-keystoneclient
Severity: important
Tags: security upstream patch fixed-upstream
Hi there,
the following vulnerabilities were published for python-keystoneclient:
CVE-2014-7144: TLS cert verification option not honored in paste configs
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
http://seclists.org/oss-sec/2014/q3/620
https://review.openstack.org/#/c/113191/
Please adjust the affected versions in the BTS as needed. Can you please confirm
to the security-team if the stable version is affected?
Regards, luciano
More information about the Openstack-devel
mailing list