| 2013-01-16 13:47:43 |
Thierry Carrez |
bug |
|
|
added bug |
| 2013-01-16 13:47:57 |
Thierry Carrez |
bug |
|
|
added subscriber Joseph Heck |
| 2013-01-16 13:48:03 |
Thierry Carrez |
bug |
|
|
added subscriber Dan Prince |
| 2013-01-16 13:48:12 |
Thierry Carrez |
bug |
|
|
added subscriber OpenStack Vulnerability Management team |
| 2013-01-16 13:48:22 |
Thierry Carrez |
bug |
|
|
added subscriber Keystone Core Developers |
| 2013-01-16 15:28:04 |
Thierry Carrez |
bug |
|
|
added subscriber Jonathan Murray |
| 2013-01-17 17:12:55 |
Dolph Mathews |
keystone: status |
New |
Confirmed |
|
| 2013-01-17 17:12:57 |
Dolph Mathews |
keystone: assignee |
|
Dolph Mathews (dolph) |
|
| 2013-01-18 02:05:08 |
Dolph Mathews |
attachment added |
|
bug-110082-master-v1.patch https://bugs.launchpad.net/keystone/+bug/1100282/+attachment/3486851/+files/bug-110082-master-v1.patch |
|
| 2013-01-18 02:29:49 |
Dolph Mathews |
attachment added |
|
bug-110082-folsom-v1.patch https://bugs.launchpad.net/keystone/+bug/1100282/+attachment/3486862/+files/bug-110082-folsom-v1.patch |
|
| 2013-01-18 02:30:17 |
Dolph Mathews |
attachment added |
|
bug-110082-essex-v1.patch https://bugs.launchpad.net/keystone/+bug/1100282/+attachment/3486863/+files/bug-110082-essex-v1.patch |
|
| 2013-01-22 13:35:46 |
Mark McLoughlin |
keystone: milestone |
|
2012.2.3 |
|
| 2013-01-25 16:19:15 |
Mark McLoughlin |
keystone: milestone |
2012.2.3 |
|
|
| 2013-01-30 09:49:18 |
Thierry Carrez |
bug task added |
|
nova |
|
| 2013-01-30 09:49:59 |
Thierry Carrez |
bug |
|
|
added subscriber Joshua Harlow |
| 2013-01-30 09:50:43 |
Thierry Carrez |
keystone: importance |
Undecided |
High |
|
| 2013-01-30 09:50:47 |
Thierry Carrez |
nova: status |
New |
Confirmed |
|
| 2013-01-30 09:50:49 |
Thierry Carrez |
nova: importance |
Undecided |
High |
|
| 2013-01-30 09:51:49 |
Thierry Carrez |
description |
Jonathan Murray from NCC Group reported that you can DoS keystone servers using XML entities in Keystone requests:
POST /v2.0/tokens HTTP/1.1
content-type: application/xml
<!DOCTYPE foo [
<!ENTITY a "AAAA lots of As AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvAAAAAAAAAA" >
<!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;" >
<!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;" >
]>
<auth>
<tenantName>&c;</tenantName>
<passwordCredentials>
<username>&c;</username>
<username>&c;</username>
<username>&c;</username>
<username>&c;</username>
<password>&c;</password>
<somethingElse>&c;</somethingElse>
<somethingElse1>&c;</somethingElse1>
<somethingElse2>&c;</somethingElse2>
</passwordCredentials>
</auth>
In that precise case it might be an issue with the XML library we use, although it sounds generally safer to disable parsing ENTITY blocks entirely if we can. |
Jonathan Murray from NCC Group reported that you can DoS keystone servers using XML entities in Keystone requests.
[ Joshua Harlow from Yahoo! independently reported the same issue plaguing Nova (using minidom). ]
POST /v2.0/tokens HTTP/1.1
content-type: application/xml
<!DOCTYPE foo [
<!ENTITY a "AAAA lots of As AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvAAAAAAAAAA" >
<!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;" >
<!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;" >
]>
<auth>
<tenantName>&c;</tenantName>
<passwordCredentials>
<username>&c;</username>
<username>&c;</username>
<username>&c;</username>
<username>&c;</username>
<password>&c;</password>
<somethingElse>&c;</somethingElse>
<somethingElse1>&c;</somethingElse1>
<somethingElse2>&c;</somethingElse2>
</passwordCredentials>
</auth>
In that precise case it might be an issue with the XML library we use, although it sounds generally safer to disable parsing ENTITY blocks entirely if we can. |
|
| 2013-01-30 15:37:16 |
Thierry Carrez |
bug task added |
|
cinder |
|
| 2013-01-30 15:37:30 |
Thierry Carrez |
bug task added |
|
quantum |
|
| 2013-01-30 15:37:37 |
Thierry Carrez |
cinder: status |
New |
Confirmed |
|
| 2013-01-30 15:37:41 |
Thierry Carrez |
cinder: importance |
Undecided |
High |
|
| 2013-01-30 15:37:44 |
Thierry Carrez |
quantum: status |
New |
Confirmed |
|
| 2013-01-30 15:37:47 |
Thierry Carrez |
quantum: importance |
Undecided |
High |
|
| 2013-01-30 15:38:14 |
Thierry Carrez |
keystone: status |
Confirmed |
Triaged |
|
| 2013-01-31 17:42:53 |
Dan Prince |
bug |
|
|
added subscriber Doug Hellmann |
| 2013-02-01 02:17:04 |
Joshua Harlow |
attachment added |
|
fix.py https://bugs.launchpad.net/keystone/+bug/1100282/+attachment/3509767/+files/fix.py |
|
| 2013-02-01 02:51:40 |
Joshua Harlow |
bug |
|
|
added subscriber Annie Cheng |
| 2013-02-01 02:51:45 |
Joshua Harlow |
bug |
|
|
added subscriber Nikita Savin |
| 2013-02-01 04:07:56 |
Nikita Savin |
bug task added |
|
oslo |
|
| 2013-02-01 08:23:17 |
Joshua Harlow |
attachment added |
|
fix2.py https://bugs.launchpad.net/keystone/+bug/1100282/+attachment/3509978/+files/fix2.py |
|
| 2013-02-01 09:12:06 |
Thierry Carrez |
bug |
|
|
added subscriber Stuart Stent |
| 2013-02-01 14:49:40 |
Dan Prince |
nova: assignee |
|
Dan Prince (dan-prince) |
|
| 2013-02-01 18:26:00 |
Dan Prince |
attachment added |
|
Nova Grizzly minidom patch fix https://bugs.launchpad.net/keystone/+bug/1100282/+attachment/3510584/+files/0001-Add-a-safe_minidom_parse_string-function.patch |
|
| 2013-02-01 20:31:05 |
Dan Prince |
attachment removed |
Nova Grizzly minidom patch fix https://bugs.launchpad.net/keystone/+bug/1100282/+attachment/3510584/+files/0001-Add-a-safe_minidom_parse_string-function.patch |
|
|
| 2013-02-01 20:46:52 |
Dan Prince |
attachment added |
|
Nova Grizzly minidom patch fix https://bugs.launchpad.net/keystone/+bug/1100282/+attachment/3510790/+files/grizzly-0001-Add-a-safe_minidom_parse_string-function.patch |
|
| 2013-02-01 22:07:31 |
Dan Prince |
attachment removed |
Nova Grizzly minidom patch fix https://bugs.launchpad.net/keystone/+bug/1100282/+attachment/3510790/+files/grizzly-0001-Add-a-safe_minidom_parse_string-function.patch |
|
|
| 2013-02-01 22:08:18 |
Dan Prince |
attachment added |
|
Nova Grizzly minidom patch fix https://bugs.launchpad.net/keystone/+bug/1100282/+attachment/3510983/+files/grizzly-0001-Add-a-safe_minidom_parse_string-function.patch |
|
| 2013-02-02 19:35:08 |
Dan Prince |
attachment added |
|
Nova Folsom minidom patch fix https://bugs.launchpad.net/keystone/+bug/1100282/+attachment/3512333/+files/folsom-0001-Add-a-safe_minidom_parse_string-function.patch |
|
| 2013-02-02 19:35:37 |
Dan Prince |
attachment added |
|
Nova Essex minidom patch fix https://bugs.launchpad.net/keystone/+bug/1100282/+attachment/3512334/+files/essex-0001-Add-a-safe_minidom_parse_string-function.patch |
|
| 2013-02-02 19:35:58 |
Dan Prince |
nova: status |
Confirmed |
In Progress |
|
| 2013-02-02 19:36:29 |
Dan Prince |
cinder: assignee |
|
Dan Prince (dan-prince) |
|
| 2013-02-02 19:36:33 |
Dan Prince |
cinder: status |
Confirmed |
In Progress |
|
| 2013-02-03 20:01:42 |
Doug Hellmann |
bug |
|
|
added subscriber Christian Heimes |
| 2013-02-04 02:37:16 |
Dan Prince |
attachment removed |
Nova Grizzly minidom patch fix https://bugs.launchpad.net/cinder/+bug/1100282/+attachment/3510983/+files/grizzly-0001-Add-a-safe_minidom_parse_string-function.patch |
|
|
| 2013-02-04 02:37:32 |
Dan Prince |
attachment removed |
Nova Folsom minidom patch fix https://bugs.launchpad.net/cinder/+bug/1100282/+attachment/3512333/+files/folsom-0001-Add-a-safe_minidom_parse_string-function.patch |
|
|
| 2013-02-04 02:37:43 |
Dan Prince |
attachment removed |
Nova Essex minidom patch fix https://bugs.launchpad.net/cinder/+bug/1100282/+attachment/3512334/+files/essex-0001-Add-a-safe_minidom_parse_string-function.patch |
|
|
| 2013-02-04 02:38:08 |
Dan Prince |
attachment added |
|
Nova Grizzly minidom patch fix https://bugs.launchpad.net/cinder/+bug/1100282/+attachment/3513857/+files/grizzly-0001-Add-a-safe_minidom_parse_string-function.patch |
|
| 2013-02-04 02:38:32 |
Dan Prince |
attachment added |
|
Nova Folsom minidom patch fix https://bugs.launchpad.net/cinder/+bug/1100282/+attachment/3513858/+files/folsom-0001-Add-a-safe_minidom_parse_string-function.patch |
|
| 2013-02-04 02:38:57 |
Dan Prince |
attachment added |
|
Nova Essex minidom patch fix https://bugs.launchpad.net/cinder/+bug/1100282/+attachment/3513859/+files/essex-0001-Add-a-safe_minidom_parse_string-function.patch |
|
| 2013-02-04 03:15:59 |
Dan Prince |
attachment removed |
Nova Grizzly minidom patch fix https://bugs.launchpad.net/cinder/+bug/1100282/+attachment/3513857/+files/grizzly-0001-Add-a-safe_minidom_parse_string-function.patch |
|
|
| 2013-02-04 03:16:08 |
Dan Prince |
attachment removed |
Nova Essex minidom patch fix https://bugs.launchpad.net/cinder/+bug/1100282/+attachment/3513859/+files/essex-0001-Add-a-safe_minidom_parse_string-function.patch |
|
|
| 2013-02-04 03:16:17 |
Dan Prince |
attachment removed |
Nova Folsom minidom patch fix https://bugs.launchpad.net/cinder/+bug/1100282/+attachment/3513858/+files/folsom-0001-Add-a-safe_minidom_parse_string-function.patch |
|
|
| 2013-02-04 03:18:13 |
Dan Prince |
attachment added |
|
Nova Grizzly minidom patch fix https://bugs.launchpad.net/cinder/+bug/1100282/+attachment/3513867/+files/nova-grizzly-0001-Add-a-safe_minidom_parse_string-function.patch |
|
| 2013-02-04 03:18:57 |
Dan Prince |
attachment added |
|
Nova Folsom minidom patch fix https://bugs.launchpad.net/cinder/+bug/1100282/+attachment/3513868/+files/nova-folsom-0001-Add-a-safe_minidom_parse_string-function.patch |
|
| 2013-02-04 03:19:24 |
Dan Prince |
attachment added |
|
Nova Essex minidom patch fix https://bugs.launchpad.net/cinder/+bug/1100282/+attachment/3513869/+files/nova-essex-0001-Add-a-safe_minidom_parse_string-function.patch |
|
| 2013-02-04 03:21:14 |
Dan Prince |
attachment added |
|
Cinder Grizzly minidom patch fix https://bugs.launchpad.net/cinder/+bug/1100282/+attachment/3513871/+files/cinder-grizzly-0001-Add-a-safe_minidom_parse_string-function.patch |
|
| 2013-02-04 03:37:26 |
Dan Prince |
attachment added |
|
Cinder Folsom minidom patch fix https://bugs.launchpad.net/cinder/+bug/1100282/+attachment/3513902/+files/cinder-folsom-0001-Add-a-safe_minidom_parse_string-function.patch |
|
| 2013-02-04 03:44:40 |
Dan Prince |
quantum: status |
Confirmed |
Incomplete |
|
| 2013-02-04 15:55:46 |
Thierry Carrez |
bug |
|
|
added subscriber Cinder Core |
| 2013-02-04 15:56:01 |
Thierry Carrez |
bug |
|
|
added subscriber Vish Ishaya |
| 2013-02-07 12:48:26 |
Thierry Carrez |
quantum: status |
Incomplete |
Confirmed |
|
| 2013-02-07 12:48:31 |
Thierry Carrez |
nova: status |
In Progress |
Triaged |
|
| 2013-02-07 12:48:35 |
Thierry Carrez |
cinder: status |
In Progress |
Triaged |
|
| 2013-02-07 12:48:40 |
Thierry Carrez |
oslo: status |
New |
Confirmed |
|
| 2013-02-12 05:30:32 |
Thierry Carrez |
bug |
|
|
added subscriber OpenStack Stable Branch Maintainers |
| 2013-02-12 05:38:29 |
Thierry Carrez |
cve linked |
|
2013-0278 |
|
| 2013-02-12 05:38:29 |
Thierry Carrez |
cve linked |
|
2013-0279 |
|
| 2013-02-12 05:38:29 |
Thierry Carrez |
cve linked |
|
2013-0280 |
|
| 2013-02-18 13:55:47 |
Thierry Carrez |
oslo: importance |
Undecided |
High |
|
| 2013-02-18 14:07:47 |
Christian Heimes |
cve linked |
|
2013-1664 |
|
| 2013-02-18 14:07:47 |
Christian Heimes |
cve linked |
|
2013-1665 |
|
| 2013-02-19 09:03:20 |
Thierry Carrez |
cve unlinked |
2013-0280 |
|
|
| 2013-02-19 09:03:31 |
Thierry Carrez |
cve unlinked |
2013-0279 |
|
|
| 2013-02-19 09:03:48 |
Thierry Carrez |
cve unlinked |
2013-0278 |
|
|
| 2013-02-19 09:04:04 |
Thierry Carrez |
cve unlinked |
2013-1665 |
|
|
| 2013-02-19 09:05:02 |
Thierry Carrez |
summary |
DoS through XML entity expansion |
DoS through XML entity expansion (CVE-2013-1664) |
|
| 2013-02-19 09:05:22 |
Thierry Carrez |
bug |
|
|
added subscriber Canonical Security Team |
| 2013-02-19 10:31:44 |
Thierry Carrez |
nominated for series |
|
keystone/essex |
|
| 2013-02-19 10:31:44 |
Thierry Carrez |
bug task added |
|
keystone/essex |
|
| 2013-02-19 10:31:44 |
Thierry Carrez |
nominated for series |
|
keystone/folsom |
|
| 2013-02-19 10:31:44 |
Thierry Carrez |
bug task added |
|
keystone/folsom |
|
| 2013-02-19 10:31:56 |
Thierry Carrez |
keystone/essex: status |
New |
Triaged |
|
| 2013-02-19 10:31:58 |
Thierry Carrez |
keystone/folsom: status |
New |
Triaged |
|
| 2013-02-19 10:32:00 |
Thierry Carrez |
keystone/essex: importance |
Undecided |
High |
|
| 2013-02-19 10:32:02 |
Thierry Carrez |
keystone/folsom: importance |
Undecided |
High |
|
| 2013-02-19 10:32:33 |
Thierry Carrez |
nominated for series |
|
cinder/folsom |
|
| 2013-02-19 10:32:33 |
Thierry Carrez |
bug task added |
|
cinder/folsom |
|
| 2013-02-19 10:32:42 |
Thierry Carrez |
cinder/folsom: status |
New |
Triaged |
|
| 2013-02-19 10:32:45 |
Thierry Carrez |
cinder/folsom: importance |
Undecided |
High |
|
| 2013-02-19 10:34:07 |
Thierry Carrez |
nominated for series |
|
nova/essex |
|
| 2013-02-19 10:34:07 |
Thierry Carrez |
bug task added |
|
nova/essex |
|
| 2013-02-19 10:34:07 |
Thierry Carrez |
nominated for series |
|
nova/folsom |
|
| 2013-02-19 10:34:07 |
Thierry Carrez |
bug task added |
|
nova/folsom |
|
| 2013-02-19 10:34:20 |
Thierry Carrez |
nova/essex: importance |
Undecided |
High |
|
| 2013-02-19 10:34:20 |
Thierry Carrez |
nova/essex: status |
New |
Triaged |
|
| 2013-02-19 10:34:38 |
Thierry Carrez |
nova/folsom: importance |
Undecided |
High |
|
| 2013-02-19 10:34:38 |
Thierry Carrez |
nova/folsom: status |
New |
Triaged |
|
| 2013-02-19 13:57:43 |
Dan Prince |
nova/essex: assignee |
|
Dan Prince (dan-prince) |
|
| 2013-02-19 13:57:53 |
Dan Prince |
nova/folsom: assignee |
|
Dan Prince (dan-prince) |
|
| 2013-02-19 13:58:02 |
Dan Prince |
cinder/folsom: assignee |
|
Dan Prince (dan-prince) |
|
| 2013-02-19 14:51:43 |
Dan Prince |
oslo: assignee |
|
Dan Prince (dan-prince) |
|
| 2013-02-19 14:52:07 |
Dan Prince |
quantum: assignee |
|
Dan Prince (dan-prince) |
|
| 2013-02-19 15:00:25 |
OpenStack Infra |
nova: status |
Triaged |
In Progress |
|
| 2013-02-19 15:00:35 |
OpenStack Infra |
cinder: status |
Triaged |
In Progress |
|
| 2013-02-19 15:00:38 |
Thierry Carrez |
information type |
Private Security |
Public Security |
|
| 2013-02-19 15:01:28 |
OpenStack Infra |
cinder/folsom: status |
Triaged |
In Progress |
|
| 2013-02-19 15:02:55 |
OpenStack Infra |
keystone/essex: status |
Triaged |
In Progress |
|
| 2013-02-19 15:02:55 |
OpenStack Infra |
keystone/essex: assignee |
|
Dan Prince (dan-prince) |
|
| 2013-02-19 15:06:42 |
OpenStack Infra |
cinder/folsom: assignee |
Dan Prince (dan-prince) |
Dolph Mathews (dolph) |
|
| 2013-02-19 15:07:03 |
OpenStack Infra |
keystone: status |
Triaged |
In Progress |
|
| 2013-02-19 15:09:11 |
OpenStack Infra |
keystone/essex: assignee |
Dan Prince (dan-prince) |
Dolph Mathews (dolph) |
|
| 2013-02-19 15:19:11 |
Mark McLoughlin |
nova/folsom: status |
Triaged |
In Progress |
|
| 2013-02-19 15:19:29 |
Mark McLoughlin |
nova/folsom: milestone |
|
2012.2.4 |
|
| 2013-02-19 15:22:39 |
Mark McLoughlin |
keystone/folsom: status |
Triaged |
In Progress |
|
| 2013-02-19 15:22:54 |
Thierry Carrez |
nova/essex: status |
Triaged |
In Progress |
|
| 2013-02-19 15:23:13 |
Mark McLoughlin |
keystone/folsom: milestone |
|
2012.2.4 |
|
| 2013-02-19 15:23:13 |
Mark McLoughlin |
keystone/folsom: assignee |
|
Dolph Mathews (dolph) |
|
| 2013-02-19 15:25:02 |
OpenStack Infra |
keystone/essex: assignee |
Dolph Mathews (dolph) |
Dan Prince (dan-prince) |
|
| 2013-02-19 15:25:44 |
Mark McLoughlin |
cinder/folsom: milestone |
|
2012.2.4 |
|
| 2013-02-19 15:25:44 |
Mark McLoughlin |
cinder/folsom: assignee |
Dolph Mathews (dolph) |
Dan Prince (dan-prince) |
|
| 2013-02-19 18:39:47 |
OpenStack Infra |
nova: status |
In Progress |
Fix Committed |
|
| 2013-02-19 20:08:10 |
OpenStack Infra |
cinder/folsom: status |
In Progress |
Fix Committed |
|
| 2013-02-20 00:00:41 |
OpenStack Infra |
cinder: status |
In Progress |
Fix Committed |
|
| 2013-02-20 00:39:26 |
OpenStack Infra |
keystone/essex: status |
In Progress |
Fix Committed |
|
| 2013-02-20 09:49:12 |
Thierry Carrez |
nova/essex: status |
In Progress |
Fix Committed |
|
| 2013-02-20 09:49:25 |
Thierry Carrez |
nova/folsom: status |
In Progress |
Fix Committed |
|
| 2013-02-20 10:26:32 |
OpenStack Infra |
keystone: status |
In Progress |
Fix Committed |
|
| 2013-02-21 08:43:10 |
Thierry Carrez |
keystone: status |
Fix Committed |
Fix Released |
|
| 2013-02-21 08:43:10 |
Thierry Carrez |
keystone: milestone |
|
grizzly-3 |
|
| 2013-02-21 08:49:55 |
Thierry Carrez |
nova: status |
Fix Committed |
Fix Released |
|
| 2013-02-21 08:49:55 |
Thierry Carrez |
nova: milestone |
|
grizzly-3 |
|
| 2013-02-21 09:17:00 |
Thierry Carrez |
cinder: status |
Fix Committed |
Fix Released |
|
| 2013-02-21 09:17:00 |
Thierry Carrez |
cinder: milestone |
|
grizzly-3 |
|
| 2013-02-21 22:32:27 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/quantal-security/keystone |
|
| 2013-02-22 04:19:23 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/quantal/cinder/quantal-security |
|
| 2013-02-22 12:32:13 |
Thierry Carrez |
keystone/folsom: status |
In Progress |
Fix Committed |
|
| 2013-02-22 12:32:51 |
Thierry Carrez |
quantum: milestone |
|
grizzly-rc1 |
|
| 2013-02-22 12:33:07 |
Thierry Carrez |
oslo: milestone |
|
grizzly-rc1 |
|
| 2013-02-22 12:33:22 |
Thierry Carrez |
removed subscriber OpenStack Vulnerability Management team |
|
|
|
| 2013-02-22 18:34:47 |
Launchpad Janitor |
branch linked |
|
lp:~openstack-ubuntu-testing/cinder/precise-folsom |
|
| 2013-02-26 16:32:56 |
OpenStack Infra |
oslo: status |
Confirmed |
In Progress |
|
| 2013-02-26 16:32:56 |
OpenStack Infra |
oslo: assignee |
Dan Prince (dan-prince) |
Davanum Srinivas (DIMS) (dims-v) |
|
| 2013-02-26 20:48:24 |
OpenStack Infra |
quantum: status |
Confirmed |
In Progress |
|
| 2013-02-26 20:48:24 |
OpenStack Infra |
quantum: assignee |
Dan Prince (dan-prince) |
Davanum Srinivas (DIMS) (dims-v) |
|
| 2013-02-27 22:23:06 |
OpenStack Infra |
oslo: status |
In Progress |
Fix Committed |
|
| 2013-03-06 01:42:32 |
OpenStack Infra |
quantum: status |
In Progress |
Fix Committed |
|
| 2013-03-13 08:48:45 |
Thierry Carrez |
quantum: status |
Fix Committed |
Fix Released |
|
| 2013-03-13 13:11:53 |
Thierry Carrez |
oslo: status |
Fix Committed |
Fix Released |
|
| 2013-04-04 09:29:47 |
Thierry Carrez |
keystone: milestone |
grizzly-3 |
2013.1 |
|
| 2013-04-04 10:23:44 |
Thierry Carrez |
quantum: milestone |
grizzly-rc1 |
2013.1 |
|
| 2013-04-04 11:08:22 |
Thierry Carrez |
nova: milestone |
grizzly-3 |
2013.1 |
|
| 2013-04-04 11:38:26 |
Thierry Carrez |
cinder: milestone |
grizzly-3 |
2013.1 |
|
| 2013-04-04 12:47:54 |
Thierry Carrez |
oslo/grizzly: importance |
Undecided |
High |
|
| 2013-04-04 12:47:54 |
Thierry Carrez |
oslo/grizzly: status |
New |
Fix Released |
|
| 2013-04-04 12:47:54 |
Thierry Carrez |
oslo/grizzly: milestone |
|
2013.1 |
|
| 2013-04-04 12:47:54 |
Thierry Carrez |
oslo/grizzly: assignee |
|
Davanum Srinivas (DIMS) (dims-v) |
|
| 2013-04-11 19:21:23 |
Alan Pevec |
keystone/folsom: status |
Fix Committed |
Fix Released |
|
| 2013-04-11 19:53:59 |
Alan Pevec |
nova/folsom: status |
Fix Committed |
Fix Released |
|
| 2013-04-11 19:58:00 |
Alan Pevec |
cinder/folsom: status |
Fix Committed |
Fix Released |
|
| 2013-05-24 12:54:38 |
Thierry Carrez |
bug task added |
|
ossa |
|
| 2013-05-24 12:54:56 |
Thierry Carrez |
summary |
DoS through XML entity expansion (CVE-2013-1664) |
[OSSA 2013-004] DoS through XML entity expansion (CVE-2013-1664) |
|
| 2013-05-24 12:55:18 |
Thierry Carrez |
ossa: status |
New |
Fix Released |
|
| 2013-05-24 12:55:18 |
Thierry Carrez |
ossa: assignee |
|
Thierry Carrez (ttx) |
|
| 2013-12-16 14:08:50 |
Curtis Hovey |
removed subscriber Registry Administrators |
|
|
|
| 2014-06-04 23:32:48 |
Morgan Fainberg |
keystone/essex: status |
Fix Committed |
Fix Released |
|
| 2014-09-19 10:54:00 |
Sean Dague |
bug task deleted |
nova/essex |
|
|
| 2018-08-06 13:30:30 |
Nassim |
information type |
Public Security |
Private Security |
|
| 2018-08-06 13:30:33 |
Nassim |
information type |
Private Security |
Private |
|
| 2018-08-06 13:30:42 |
Nassim |
information type |
Private |
Public Security |
|
