yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1511541] Re: Possible incomplete fix for OSSA-2015-005

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Grant Murphy <grant.murphy@xxxxxx>
Date: Mon, 07 Mar 2016 15:09:02 -0000
Reply-to: Bug 1511541 <1511541@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Removed the OSSA task and marking invalid.

** Changed in: ossa
       Status: Incomplete => Invalid

** No longer affects: ossa

** Changed in: nova
       Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1511541

Title:
  Possible incomplete fix for OSSA-2015-005

Status in OpenStack Compute (nova):
  Invalid

Bug description:
  Multiple reports that the fix for [OSSA 2015-005] Websocket Hijacking
  Vulnerability in Nova VNC Server (CVE-2015-0259) is incomplete.

  https://bugs.launchpad.net/nova/+bug/1409142/comments/146
  https://bugs.launchpad.net/nova/+bug/1409142/comments/149

  Further investigation is needed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1511541/+subscriptions

References

[Bug 1511541] [NEW] Possible incomplete fix for OSSA-2015-005
From: Grant Murphy, 2015-10-29