| opendevreview | Lajos Katona proposed openstack/keystone master: Opt out of authenticate.failure instead of authenticate.failed https://review.opendev.org/c/openstack/keystone/+/821561 | 06:44 |
|---|---|---|
| zigo | Is there a fix for CVE-2022-2447 ? | 07:55 |
| frickler | is there even an upstream bug for it? IMO it is also unlucky to mix terms, "token" is something different from "application credentials" in keystone | 10:02 |
| tobias-urdin | feel like an easy fix tho, new tokens inherit expiration of app cred, if it breaks the API or current expectations i guess is a different story | 10:03 |
| *** | blarnath is now known as d34dh0r53 | 11:56 |
| *** | dasm|off is now known as dasm | 13:43 |
| opendevreview | Jorge Merlino proposed openstack/keystonemiddleware master: Remove cache invalidation when using expired token https://review.opendev.org/c/openstack/keystonemiddleware/+/860481 | 17:43 |
| d34dh0r53 | we’ve discussed that CVE, I don’t recall what (if anything) was decided | 18:14 |
| d34dh0r53 | zigo, frickler, tobias-urdin ^ | 18:17 |
| zigo | d34dh0r53: So, the CVE against Keystone was wrong, it should have been against keystonemiddleware? | 18:18 |
| zigo | We're talking about CVE-2022-2447, right? | 18:19 |
| zigo | https://bugs.debian.org/1021272 | 18:19 |
| d34dh0r53 | right | 18:19 |
| d34dh0r53 | yeah, that should be against keystonemiddleware | 18:21 |
| d34dh0r53 | IIRC | 18:21 |
| d34dh0r53 | knikolla[m]: can you confirm? | 18:21 |
| zigo | Thanks. I'll do the work tomorrow, though the Debian security team already told me it's no-DSA (ie: no Debian Security Advisory, to be dealt with the stable release team for an update on the next point release). | 18:26 |
| zigo | I'll update the backports ... | 18:26 |
| d34dh0r53 | awesome, thanks zigo | 18:27 |
| zigo | (ie: unofficial debian.net backports) | 18:30 |
| zigo | d34dh0r53: I backported the patch all the way to train, without a glitch... | 19:29 |
| zigo | Will push and build now. | 19:29 |
| zigo | I was too quick to do that work: there's unit test failures... | 19:48 |
| opendevreview | Jorge Merlino proposed openstack/keystonemiddleware master: Remove cache invalidation when using expired token https://review.opendev.org/c/openstack/keystonemiddleware/+/860481 | 20:04 |
| *** | dviroel is now known as dviroel|afk | 21:17 |
| *** | dasm is now known as dasm|off | 21:34 |