← Back to team overview

openstack team mailing list archive

Re: [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457)

 

andi abes wrote:
> is the plan going forward to announce these on friday afternoons?

We generally release embargoed issues only on Tue-Thu.

In this precise case, the fixes have been long committed and released,
but they were never brought to the Vulnerability Management Team
attention, which resulted in the lack of a published advisory. In this
case we thought the sooner we issue an advisory would be the better.

Regards,

-- 
Thierry Carrez (ttx)
Vulnerability Management Team hat on


References