components/openstack/neutron/patches/08-CVE-2014-7821.patch
author Girish Moodalbail <Girish.Moodalbail@oracle.COM>
Mon, 08 Dec 2014 15:47:54 -0800
branch s11u2-sru
changeset 3525 d066af8ff6d0
permissions -rw-r--r--
20065334 problem in SERVICE/NEUTRON

This patch addresses CVE-2014-7821 and is tracked under Launchpad bug
1378450. It is addressed in stable/Juno and stable/Icehouse. There
is no patch for Havana since it is EOL'ed by upstream. Therefore, this
patch is derived from the patch for stable/Icehouse.

commit ab7ea069de5cecf1c26af50996a26e1a7f86def4
Author: John Perkins <email address hidden>
Date: Mon Oct 6 16:24:57 2014 -0500

    Fix hostname regex pattern

    Current hostname_pattern regex complexity grows exponentially
    when given a string of just digits, which can be exploited to
    cause neutron-server to freeze.

    Change-Id: I886c6d883a9cb0acd9908495eec50bf0411d8ba8
    Closes-bug: #1378450

*** neutron-2013.2.3/neutron/api/v2/attributes.py	2014-04-03 11:49:01.000000000 -0700
--- NEW/neutron/api/v2/attributes.py	2014-11-19 22:04:06.880132434 -0800
***************
*** 494,501 ****
          return [data]
  
  
! HOSTNAME_PATTERN = ("(?=^.{1,254}$)(^(?:(?!\d+\.|-)[a-zA-Z0-9_\-]"
!                     "{1,63}(?<!-)\.?)+(?:[a-zA-Z]{2,})$)")
  
  HEX_ELEM = '[0-9A-Fa-f]'
  UUID_PATTERN = '-'.join([HEX_ELEM + '{8}', HEX_ELEM + '{4}',
--- 494,501 ----
          return [data]
  
  
! HOSTNAME_PATTERN = ("(?=^.{1,254}$)(^(?:(?!\d+.|-)[a-zA-Z0-9_\-]{1,62}"
!                     "[a-zA-Z0-9]\.?)+(?:[a-zA-Z]{2,})$)")
  
  HEX_ELEM = '[0-9A-Fa-f]'
  UUID_PATTERN = '-'.join([HEX_ELEM + '{8}', HEX_ELEM + '{4}',
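
Review bot: In the new lookahead `(?!\d+.|-)` the dot is no longer escaped, where the removed line had `\d+\.`, so the lookahead now rejects any label that starts with a digit followed by any character rather than only an all-numeric label followed by a literal dot. Please confirm this widening is intended and record it in a comment next to HOSTNAME_PATTERN, since it reads like a dropped backslash. Separately, `[a-zA-Z0-9_\-]{1,62}[a-zA-Z0-9]` requires every label to be at least two characters, so single-character labels that the old `{1,63}(?<!-)` form accepted are now refused; if that is acceptable, a test case stating it would make the change of behaviour explicit.
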
*** neutron-2013.2.3/neutron/tests/unit/test_attributes.py	2014-04-03 11:49:01.000000000 -0700
--- NEW/neutron/tests/unit/test_attributes.py	2014-11-19 22:15:26.539566055 -0800
***************
*** 246,251 ****
--- 246,252 ----
                      ['www.hostname.com', 'www.hostname.com'],
                      ['77.hostname.com'],
                      ['1000.0.0.1'],
+                     ['111111111111111111111111111111111111111111111111111111111111'],  # noqa
                      None]
  
          for ns in ns_pools:
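
Review bot: The only case added at line 249 is a digits-only string, which covers the input named in the commit message but nothing else about the rewritten pattern. The label group in HOSTNAME_PATTERN still ends in an optional `\.?` under a `+`, so I would add a long dot-free entry that is not all digits to this list, plus a short digit-led mixed label, to pin down both the runtime and the acceptance behaviour of the new regex. Nothing in the visible lines bounds how long validation may take, so a regression would show up as a hung test run rather than a failure; a timeout around the loop would make that explicit.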