[ubuntu/quantal-proposed] keystone 2012.2.3+stable-20130206-82c87e56-0ubuntu2 (Accepted)
James Page
james.page at ubuntu.com
Wed Apr 10 10:31:10 UTC 2013
keystone (2012.2.3+stable-20130206-82c87e56-0ubuntu2) quantal-proposed; urgency=low
* Resync with latest security updates.
* SECURITY UPDATE: fix PKI revocation bypass
- debian/patches/CVE-2013-1865.patch: validate tokens from the backend
- CVE-2013-1865
* SECURITY UPDATE: fix EC2-style authentication for disabled users
- debian/patches/CVE-2013-0282.patch: adjust keystone/contrib/ec2/core.py
to ensure user and tenant are enabled in EC2
- CVE-2013-0282
* SECURITY UPDATE: fix denial of service
- debian/patches/CVE-2013-1664+1665.patch: disable XML entity parsing
- CVE-2013-1664
- CVE-2013-1665
Date: Fri, 22 Mar 2013 12:02:56 +0000
Changed-By: James Page <james.page at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/quantal/+source/keystone/2012.2.3+stable-20130206-82c87e56-0ubuntu2
-------------- next part --------------
Format: 1.8
Date: Fri, 22 Mar 2013 12:02:56 +0000
Source: keystone
Binary: python-keystone keystone keystone-doc
Architecture: source
Version: 2012.2.3+stable-20130206-82c87e56-0ubuntu2
Distribution: quantal-proposed
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: James Page <james.page at ubuntu.com>
Description:
keystone - OpenStack identity service - Daemons
keystone-doc - OpenStack identity service - Documentation
python-keystone - OpenStack identity service - Python library
Changes:
keystone (2012.2.3+stable-20130206-82c87e56-0ubuntu2) quantal-proposed; urgency=low
.
* Resync with latest security updates.
* SECURITY UPDATE: fix PKI revocation bypass
- debian/patches/CVE-2013-1865.patch: validate tokens from the backend
- CVE-2013-1865
* SECURITY UPDATE: fix EC2-style authentication for disabled users
- debian/patches/CVE-2013-0282.patch: adjust keystone/contrib/ec2/core.py
to ensure user and tenant are enabled in EC2
- CVE-2013-0282
* SECURITY UPDATE: fix denial of service
- debian/patches/CVE-2013-1664+1665.patch: disable XML entity parsing
- CVE-2013-1664
- CVE-2013-1665
Checksums-Sha1:
b7656d0c4c075162fbb99a3d459e2dc12a398a92 2681 keystone_2012.2.3+stable-20130206-82c87e56-0ubuntu2.dsc
72bc41b835f045e062c8640d6258226a53c27cb8 19890 keystone_2012.2.3+stable-20130206-82c87e56-0ubuntu2.debian.tar.gz
Checksums-Sha256:
292f30f89b0c4c0e02b9ca0107da3f2a2f4c6a80ff3dd81530674585a9eb5060 2681 keystone_2012.2.3+stable-20130206-82c87e56-0ubuntu2.dsc
7c4b4153826338f97463c4031815c84d7d5ada7e8212de2eaf1207b2c0636dea 19890 keystone_2012.2.3+stable-20130206-82c87e56-0ubuntu2.debian.tar.gz
Files:
0322e110a1f290cd00ee6b1b2782fc82 2681 net extra keystone_2012.2.3+stable-20130206-82c87e56-0ubuntu2.dsc
0b343e56b0405feeec3b894e3fc5ed71 19890 net extra keystone_2012.2.3+stable-20130206-82c87e56-0ubuntu2.debian.tar.gz
Original-Maintainer: Monty Taylor <mordred at inaugust.com>
More information about the Quantal-changes
mailing list