python-oauth2 dependency is unmaintained and has security issues
Bug #1240382 reported by
Philippe Makowski
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
High
|
Matthieu Huin | ||
Havana |
Won't Fix
|
High
|
Unassigned |
Bug Description
oauth2 is not maintained and have 2 CVE issues CVE-2013-4346 and CVE-2013-4347 and is not Python3 compatible
can you remove this dependency (maybe switching to requests ? )
Related branches
information type: | Private Security → Public Security |
Changed in keystone: | |
assignee: | nobody → Matthieu Huin (mhu-s) |
Changed in keystone: | |
assignee: | Matthieu Huin (mhu-s) → Dolph Mathews (dolph) |
status: | Confirmed → In Progress |
Changed in keystone: | |
assignee: | Dolph Mathews (dolph) → David Stanek (dstanek) |
Changed in keystone: | |
assignee: | David Stanek (dstanek) → Dolph Mathews (dolph) |
Changed in keystone: | |
assignee: | Dolph Mathews (dolph) → Matthieu Huin (mhu-s) |
Changed in keystone: | |
milestone: | none → icehouse-2 |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | icehouse-2 → 2014.1 |
To post a comment you must log in.
links to the 2 CVE issues /github. com/simplegeo/ python- oauth2/ issues/ 129 /github. com/simplegeo/ python- oauth2/ issues/ 9
https:/
https:/