1
PublicDateAtUSN: 2014-02-01
2
Candidate: CVE-2013-6491
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6491
6
https://rhn.redhat.com/errata/RHSA-2014-0112.html
7
https://usn.ubuntu.com/usn/usn-2208-1
8
https://usn.ubuntu.com/usn/usn-2208-2
9
https://usn.ubuntu.com/usn/usn-2247-1
11
The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before
12
2013.2 does not enforce SSL connections when qpid_protocol is set to ssl,
13
which allows remote attackers to obtain sensitive information by sniffing
18
https://bugzilla.redhat.com/show_bug.cgi?id=1059504
19
https://bugs.launchpad.net/oslo/+bug/1158807
21
Discovered-by: JuanFra Rodriguez Cardoso
25
upstream: https://github.com/openstack/oslo-incubator/commit/ad04e5787a4a651e59636ae7bb28dd9a0b2ee63f (grizzly)
26
upstream_nova: released (2013.2.b3)
28
precise_nova: released (2012.1.3+stable-20130423-e52e6912-0ubuntu1.4)
30
saucy_nova: not-affected (1:2013.2~rc2-0ubuntu1)
31
trusty_nova: not-affected (1:2014.1~b3-0ubuntu2)
32
devel_nova: not-affected (1:2014.1~b3-0ubuntu2)
35
upstream_cinder: not-affected
38
quantal_cinder: released (2012.2.4-0ubuntu1.1)
39
saucy_cinder: not-affected
40
trusty_cinder: not-affected
41
devel_cinder: not-affected
44
upstream_quantum: not-affected
46
precise_quantum: not-affected
47
quantal_quantum: released (2012.2.4-0ubuntu1.1)
53
upstream_neutron: not-affected
57
saucy_neutron: not-affected
58
trusty_neutron: not-affected
59
devel_neutron: not-affected
62
upstream_keystone: not-affected
64
precise_keystone: not-affected (code not present)
65
quantal_keystone: not-affected (code not present)
66
saucy_keystone: not-affected
67
trusty_keystone: not-affected (code not present)
68
devel_keystone: not-affected (code not present)