yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #19164
[Bug 1347961] Re: [OSSA 2014-026] Revocation events are broken with mysql (CVE-2014-5251)
** Summary changed:
- Revocation events are broken with mysql (CVE-2014-5251)
+ [OSSA 2014-026] Revocation events are broken with mysql (CVE-2014-5251)
** Changed in: ossa
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1347961
Title:
[OSSA 2014-026] Revocation events are broken with mysql
(CVE-2014-5251)
Status in OpenStack Identity (Keystone):
Fix Committed
Status in Keystone icehouse series:
Fix Released
Status in OpenStack Security Advisories:
Fix Released
Bug description:
Since mysql only stores timestamps with an accuracy of seconds rather
than microseconds, doing comparisons of token expiration times will
fail and tokens will not show up as being revoked.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1347961/+subscriptions
References