[ubuntu/quantal-proposed] keystone 2012.2.3+stable-20130206-82c87e56-0ubuntu2 (Accepted)

James Page james.page at ubuntu.com
Wed Apr 10 10:31:10 UTC 2013 

keystone (2012.2.3+stable-20130206-82c87e56-0ubuntu2) quantal-proposed; urgency=low

  * Resync with latest security updates.
  * SECURITY UPDATE: fix PKI revocation bypass
    - debian/patches/CVE-2013-1865.patch: validate tokens from the backend
    - CVE-2013-1865
  * SECURITY UPDATE: fix EC2-style authentication for disabled users
    - debian/patches/CVE-2013-0282.patch: adjust keystone/contrib/ec2/core.py
      to ensure user and tenant are enabled in EC2
    - CVE-2013-0282
  * SECURITY UPDATE: fix denial of service
    - debian/patches/CVE-2013-1664+1665.patch: disable XML entity parsing
    - CVE-2013-1664
    - CVE-2013-1665

Date: Fri, 22 Mar 2013 12:02:56 +0000
Changed-By: James Page <james.page at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/quantal/+source/keystone/2012.2.3+stable-20130206-82c87e56-0ubuntu2
-------------- next part --------------
Format: 1.8
Date: Fri, 22 Mar 2013 12:02:56 +0000
Source: keystone
Binary: python-keystone keystone keystone-doc
Architecture: source
Version: 2012.2.3+stable-20130206-82c87e56-0ubuntu2
Distribution: quantal-proposed
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: James Page <james.page at ubuntu.com>
Description: 
 keystone   - OpenStack identity service - Daemons
 keystone-doc - OpenStack identity service - Documentation
 python-keystone - OpenStack identity service - Python library
Changes: 
 keystone (2012.2.3+stable-20130206-82c87e56-0ubuntu2) quantal-proposed; urgency=low
 .
   * Resync with latest security updates.
   * SECURITY UPDATE: fix PKI revocation bypass
     - debian/patches/CVE-2013-1865.patch: validate tokens from the backend
     - CVE-2013-1865
   * SECURITY UPDATE: fix EC2-style authentication for disabled users
     - debian/patches/CVE-2013-0282.patch: adjust keystone/contrib/ec2/core.py
       to ensure user and tenant are enabled in EC2
     - CVE-2013-0282
   * SECURITY UPDATE: fix denial of service
     - debian/patches/CVE-2013-1664+1665.patch: disable XML entity parsing
     - CVE-2013-1664
     - CVE-2013-1665
Checksums-Sha1: 
 b7656d0c4c075162fbb99a3d459e2dc12a398a92 2681 keystone_2012.2.3+stable-20130206-82c87e56-0ubuntu2.dsc
 72bc41b835f045e062c8640d6258226a53c27cb8 19890 keystone_2012.2.3+stable-20130206-82c87e56-0ubuntu2.debian.tar.gz
Checksums-Sha256: 
 292f30f89b0c4c0e02b9ca0107da3f2a2f4c6a80ff3dd81530674585a9eb5060 2681 keystone_2012.2.3+stable-20130206-82c87e56-0ubuntu2.dsc
 7c4b4153826338f97463c4031815c84d7d5ada7e8212de2eaf1207b2c0636dea 19890 keystone_2012.2.3+stable-20130206-82c87e56-0ubuntu2.debian.tar.gz
Files: 
 0322e110a1f290cd00ee6b1b2782fc82 2681 net extra keystone_2012.2.3+stable-20130206-82c87e56-0ubuntu2.dsc
 0b343e56b0405feeec3b894e3fc5ed71 19890 net extra keystone_2012.2.3+stable-20130206-82c87e56-0ubuntu2.debian.tar.gz
Original-Maintainer: Monty Taylor <mordred at inaugust.com>

More information about the Quantal-changes mailing list