yahoo-eng-team team mailing list archive

[Jeremy Stanley <2070308@xxxxxxxxxxxxxxxxxx>]

I've switched this report to public since there's nothing secret in it.
I tagged it "security" to reflect that it's security-related
information, but set the neutron bugtask to invalid status because it's
not actually reporting a bug. Alternatively, we could set it as a
duplicate of one of the fixed os-ken bugs.

** Information type changed from Private Security to Public

** Tags added: security

** Changed in: neutron
       Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2070308

Title:
  CERT/CC VU#636693

Status in neutron:
  Invalid

Bug description:
  Greetings,

  We have received a report that indicates that one of your products
  contains a vulnerability. In the interest of coordinated disclosure
  (which aims to address vulnerabilities before they can be exploited by
  attackers), we would like to communicate this information to you.

  To view the details associated with this case, please visit
  https://kb.cert.org/vince/ and create an account on VINCE, which is
  our coordination platform. Within VINCE, it is possible to view the
  original vulnerability report. VINCE also facilitates direct
  communication with the reporter, pending the reporter's willingness to
  communicate about the case.

  If you have any questions, you can email ccullen@xxxxxxxx.

  Regards,

  Vulnerability Analysis Team
  ======================================================================
  CERT Coordination Center
  kb.cert.org / cert@xxxxxxxx
  ======================================================================

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2070308/+subscriptions