Wednesday, 2020-05-27

*** Jackneill has quit IRC 00:12
*** dave-mccowan has quit IRC 00:19
*** dave-mccowan has joined #openstack-security 00:20
*** Jackneill has joined #openstack-security 00:25
*** dave-mccowan has quit IRC 00:30
*** dave-mccowan has joined #openstack-security 01:22
*** f0o has quit IRC 01:56
*** rcernin has quit IRC 02:47
*** rcernin has joined #openstack-security 02:50
*** dave-mccowan has quit IRC 04:23
*** jawad_axd has quit IRC 06:41
*** jawad_axd has joined #openstack-security 06:42
*** rcernin has quit IRC 07:35
*** f0o has joined #openstack-security 08:10
*** mnaser_ has joined #openstack-security 08:13
*** Jackneill has quit IRC 08:17
*** Jackneill has joined #openstack-security 08:17
*** andy_- has joined #openstack-security 08:18
*** mnaser has quit IRC 08:20
*** andy_ has quit IRC 08:20
*** mnaser_ is now known as mnaser 08:20
*** andy_- is now known as andy_ 08:20
*** threestrands has quit IRC 09:39
*** benj_ has quit IRC 12:36
*** jawad_axd has quit IRC 14:47
<fungi> we have 13 old reports of suspected vulnerabilities with embargoes expiring today. i've switched them all to public security: 16:42
<fungi> bug 1669482 16:42
<openstack> bug 1669482 in neutron "fwaas: firewall rules not applied on L3 agents reboot in case of neutron-fwaas outage" [Undecided,Confirmed]
<fungi> bug 1674846 16:42
<openstack> bug 1674846 in OpenStack Security Advisory "using glance v2 api does not remove temporary files" [Undecided,Incomplete]
<fungi> bug 1685798 16:42
<openstack> bug 1685798 in OpenStack Security Advisory "Swift tempurl middleware reveals signatures in the logfiles (CVE-2017-8761)" [Undecided,Incomplete]
<fungi> bug 1688137 16:42
<openstack> bug 1688137 in OpenStack Identity (keystone) "Attacker may use PCI-DSS 8.1.6 and 8.1.7 to lock out users indefinitely" [Medium,Triaged]
<fungi> bug 1721193 16:42
<openstack> bug 1721193 in OpenStack Security Advisory "Outdated and vulnerable versions of Javascript libraries" [Undecided,Incomplete]
<fungi> bug 1724598 16:42
<openstack> bug 1724598 in OpenStack Security Advisory "DOS : API_RESULT_LIMIT does not work for swift objects" [Undecided,Incomplete]
<fungi> bug 1736920 16:42
<openstack> bug 1736920 in OpenStack Security Advisory "Glance images are loaded into memory" [Undecided,Incomplete]
<fungi> bug 1797575 16:43
<openstack> bug 1797575 in OpenStack Security Advisory "Security vulnerability with SR-IOV ports" [Undecided,Incomplete]
<fungi> bug 1798904 16:43
<openstack> bug 1798904 in os-vif "tenant isolation is bypassed if port admin-state-up=false" [Critical,Confirmed] - Assigned to sean mooney (sean-k-mooney) 16:43
<fungi> bug 1825549 16:43
<openstack> bug 1825549 in OpenStack Dashboard (Horizon) "Phishing opportunity via unvalidated text in GET request" [High,Confirmed]
<fungi> bug 1844712 16:43
<openstack> bug 1844712 in OpenStack Security Advisory "RA Leak on tenant network" [Undecided,Incomplete]
<fungi> bug 1861893 16:43
<openstack> bug 1861893 in OpenStack Security Advisory "os-assisted-volume-snapshots passes unsanitised file path to the libvirt driver" [Undecided,Incomplete]
<fungi> bug 1865026 16:43
<openstack> bug 1865026 in OpenStack Security Advisory "Open redirect in workflow forms" [Undecided,Incomplete]
<fungi> i've also switched these old reports the vmt had previously marked opinion from private security to public (not public security): 17:00
<fungi> bug 1545717 17:00
<openstack> bug 1545717 in Glance "glance v2 api: standard user can create public metadefs" [Undecided,New]
<fungi> bug 1545732 17:00
<openstack> bug 1545732 in Glance "glance v2 api: standard user can update other user's public metadefs" [Undecided,New]
<fungi> bug 1555590 17:01
<openstack> bug 1555590 in Glance "Image location can be used to capture user tokens" [High,Confirmed]
*** jawad_axd has joined #openstack-security 19:33
*** jawad_axd has quit IRC 20:47
*** Jackneill has quit IRC 21:54
*** Jackneill has joined #openstack-security 22:08
*** rcernin has joined #openstack-security 22:59
