[ubuntu-cloud-archive/folsom-proposed] keystone (Accepted)

James Page james.page at ubuntu.com
Sun May 26 18:55:14 UTC 2013 

 keystone (2012.2.4-0ubuntu2~cloud1) precise-folsom; urgency=low
 .
   * debian/patches/update_certs.patch: Fix FTBFS.  Original SSL certs
     for test suite expired May 18 2013. Cherry-picked regenerated certs
     from stable/folsom commit c14f2789.
 .
 keystone (2012.2.4-0ubuntu2~cloud0) precise-folsom; urgency=low
 .
   * New update for the Ubuntu Cloud Archive.
 .
 keystone (2012.2.4-0ubuntu2) quantal-proposed; urgency=low
 .
   * Rebase on latest security fixes.
   * SECURITY UPDATE: delete user token immediately upon delete when using v2
     API
     - CVE-2013-2059.patch: adjust keystone/identity/core.py to call
       token_api.delete_token() during delete. Also update test suite.
     - CVE-2013-2059
     - LP: #1166670
 .
 keystone (2012.2.4-0ubuntu1) quantal-proposed; urgency=low
 .
   * Dropped patches, applied upstream:
     - debian/patches/CVE-2013-1865.patch: [255b1d4]
     - debian/patches/CVE-2013-0282.patch: [f0b4d30]
     - debian/patches/CVE-2013-1664+1665.patch: [8a22745]
   * Resynchronize with stable/folsom (09f28020) (LP: #1179707):
     - [5ea4fcf] V2 API reported at Beta LP: 1135230
     - [1889299] PKI-signed token hash saved as token ID for SQL backend only
       LP: 1073272
     - [40660f0] Key PKI tokens on hash in memcached for auth_token middleware
       LP: 1073343
     - [b3ce6a7] Use the right subprocess based on os monkeypatch
     - [bb1ded0] keystone-all --config-dir is being ignored LP: 1101129
     - [9e0a97d] Temporary network outage results in connection refused and
       invalid token LP: 1150299
     - [255b1d4] Validation of PKI tokens bypasses revocation check LP: 1129713
     - [8690166] PKI tokens are broken after 24 hours LP: 1074172
     - [790c87e] PKI tokens are broken after 24 hours LP: 1074172
     - [f0b4d30] EC2 authentication does not ensure user or tenant is enabled
       LP: 1121494
     - [8a22745] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282

Date: Thu, 23 May 2013 13:20:49 -0700
Changed-By: Adam Gandelman <adamg at ubuntu.com>
Signed-By: Adam Gandelman
Published-By: James Page <james.page at ubuntu.com>

More information about the Cloud-archive-changes mailing list