| *** Jackneill has quit IRC | 00:12 | |
| *** dave-mccowan has quit IRC | 00:19 | |
| *** dave-mccowan has joined #openstack-security | 00:20 | |
| *** Jackneill has joined #openstack-security | 00:25 | |
| *** dave-mccowan has quit IRC | 00:30 | |
| *** dave-mccowan has joined #openstack-security | 01:22 | |
| *** f0o has quit IRC | 01:56 | |
| *** rcernin has quit IRC | 02:47 | |
| *** rcernin has joined #openstack-security | 02:50 | |
| *** dave-mccowan has quit IRC | 04:23 | |
| *** jawad_axd has quit IRC | 06:41 | |
| *** jawad_axd has joined #openstack-security | 06:42 | |
| *** rcernin has quit IRC | 07:35 | |
| *** f0o has joined #openstack-security | 08:10 | |
| *** mnaser_ has joined #openstack-security | 08:13 | |
| *** Jackneill has quit IRC | 08:17 | |
| *** Jackneill has joined #openstack-security | 08:17 | |
| *** andy_- has joined #openstack-security | 08:18 | |
| *** mnaser has quit IRC | 08:20 | |
| *** andy_ has quit IRC | 08:20 | |
| *** mnaser_ is now known as mnaser | 08:20 | |
| *** andy_- is now known as andy_ | 08:20 | |
| *** threestrands has quit IRC | 09:39 | |
| *** benj_ has quit IRC | 12:36 | |
| *** jawad_axd has quit IRC | 14:47 | |
| fungi | we have 13 old reports of suspected vulnerabilities with embargoes expiring today. i've switched them all to public security: | 16:42 |
|---|---|---|
| fungi | bug 1669482 | 16:42 |
| openstack | bug 1669482 in neutron "fwaas: firewall rules not applied on L3 agents reboot in case of neutron-fwaas outage" [Undecided,Confirmed] https://launchpad.net/bugs/1669482 | 16:42 |
| fungi | bug 1674846 | 16:42 |
| openstack | bug 1674846 in OpenStack Security Advisory "using glance v2 api does not remove temporary files" [Undecided,Incomplete] https://launchpad.net/bugs/1674846 | 16:42 |
| fungi | bug 1685798 | 16:42 |
| openstack | bug 1685798 in OpenStack Security Advisory "Swift tempurl middleware reveals signatures in the logfiles (CVE-2017-8761)" [Undecided,Incomplete] https://launchpad.net/bugs/1685798 | 16:42 |
| fungi | bug 1688137 | 16:42 |
| openstack | bug 1688137 in OpenStack Identity (keystone) "Attacker may use PCI-DSS 8.1.6 and 8.1.7 to lock out users indefinitely" [Medium,Triaged] https://launchpad.net/bugs/1688137 | 16:42 |
| fungi | bug 1721193 | 16:42 |
| openstack | bug 1721193 in OpenStack Security Advisory "Outdated and vulnerable versions of Javascript libraries" [Undecided,Incomplete] https://launchpad.net/bugs/1721193 | 16:42 |
| fungi | bug 1724598 | 16:42 |
| openstack | bug 1724598 in OpenStack Security Advisory "DOS : API_RESULT_LIMIT does not work for swift objects" [Undecided,Incomplete] https://launchpad.net/bugs/1724598 | 16:42 |
| fungi | bug 1736920 | 16:42 |
| openstack | bug 1736920 in OpenStack Security Advisory "Glance images are loaded into memory" [Undecided,Incomplete] https://launchpad.net/bugs/1736920 | 16:43 |
| fungi | bug 1797575 | 16:43 |
| openstack | bug 1797575 in OpenStack Security Advisory "Security vulnerability with SR-IOV ports" [Undecided,Incomplete] https://launchpad.net/bugs/1797575 | 16:43 |
| fungi | bug 1798904 | 16:43 |
| openstack | bug 1798904 in os-vif "tenant isolation is bypassed if port admin-state-up=false" [Critical,Confirmed] https://launchpad.net/bugs/1798904 - Assigned to sean mooney (sean-k-mooney) | 16:43 |
| fungi | bug 1825549 | 16:43 |
| openstack | bug 1825549 in OpenStack Dashboard (Horizon) "Phishing opportunity via unvalidated text in GET request" [High,Confirmed] https://launchpad.net/bugs/1825549 | 16:43 |
| fungi | bug 1844712 | 16:43 |
| openstack | bug 1844712 in OpenStack Security Advisory "RA Leak on tenant network" [Undecided,Incomplete] https://launchpad.net/bugs/1844712 | 16:43 |
| fungi | bug 1861893 | 16:43 |
| openstack | bug 1861893 in OpenStack Security Advisory "os-assisted-volume-snapshots passes unsanitised file path to the libvirt driver" [Undecided,Incomplete] https://launchpad.net/bugs/1861893 | 16:43 |
| fungi | bug 1865026 | 16:43 |
| openstack | bug 1865026 in OpenStack Security Advisory "Open redirect in workflow forms" [Undecided,Incomplete] https://launchpad.net/bugs/1865026 | 16:43 |
| fungi | i've also switched these old reports the vmt had previously marked opinion from private security to public (not public security): | 17:00 |
| fungi | bug 1545717 | 17:00 |
| openstack | bug 1545717 in Glance "glance v2 api: standard user can create public metadefs" [Undecided,New] https://launchpad.net/bugs/1545717 | 17:00 |
| fungi | bug 1545732 | 17:00 |
| openstack | bug 1545732 in Glance "glance v2 api: standard user can update other user's public metadefs" [Undecided,New] https://launchpad.net/bugs/1545732 | 17:00 |
| fungi | bug 1555590 | 17:01 |
| openstack | bug 1555590 in Glance "Image location can be used to capture user tokens" [High,Confirmed] https://launchpad.net/bugs/1555590 | 17:01 |
| *** jawad_axd has joined #openstack-security | 19:33 | |
| *** jawad_axd has quit IRC | 20:47 | |
| *** Jackneill has quit IRC | 21:54 | |
| *** Jackneill has joined #openstack-security | 22:08 | |
| *** rcernin has joined #openstack-security | 22:59 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!