[ubuntu-cloud-archive/folsom-updates] keystone (Accepted)
James Page
james.page at ubuntu.com
Thu May 2 16:49:46 UTC 2013
keystone (2012.2.3+stable-20130206-82c87e56-0ubuntu2~cloud0) precise-folsom; urgency=low
.
* New update for the Ubuntu Cloud Archive.
.
keystone (2012.2.3+stable-20130206-82c87e56-0ubuntu2) quantal-proposed; urgency=low
.
* Resync with latest security updates.
* SECURITY UPDATE: fix PKI revocation bypass
- debian/patches/CVE-2013-1865.patch: validate tokens from the backend
- CVE-2013-1865
* SECURITY UPDATE: fix EC2-style authentication for disabled users
- debian/patches/CVE-2013-0282.patch: adjust keystone/contrib/ec2/core.py
to ensure user and tenant are enabled in EC2
- CVE-2013-0282
* SECURITY UPDATE: fix denial of service
- debian/patches/CVE-2013-1664+1665.patch: disable XML entity parsing
- CVE-2013-1664
- CVE-2013-1665
.
keystone (2012.2.3+stable-20130206-82c87e56-0ubuntu1) quantal-proposed; urgency=low
.
[ Adam Gandelman ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2013-0247.patch: [bb2226f]
* Resynchronize with stable/folsom (82c87e56) (LP: #1116671):
- [bb2226f] Add size validations for /tokens.
- [ec7b94d] Non-API specific 404 exposes traceback LP: 1089987
- [70e55f9] SQL backend fails if not all URL are defined in an endpoint
LP: 1061736
- [6c95b73] Unparseable endpoint URL's should raise a user friendly error
LP: 1058494
- [9e300b7] Test 0.2.0 keystoneclient to avoid new deps
- [ec06625] serviceCatalog is dict in the case of no endpoints LP: 1087405
.
[ Chuck Short ]
* debian/patches/fix-ubuntu-tests.patch: Refreshed.
Date: Thu, 25 Apr 2013 17:12:12 -0700
Changed-By: Adam Gandelman <adamg at ubuntu.com>
Signed-By: Adam Gandelman
Published-By: James Page <james.page at ubuntu.com>