[ubuntu/quantal-updates] keystone 2012.2.3+stable-20130206-82c87e56-0ubuntu2 (Accepted)
Clint Byrum
clint at fewbar.com
Thu Apr 25 16:54:37 UTC 2013
keystone (2012.2.3+stable-20130206-82c87e56-0ubuntu2) quantal-proposed; urgency=low

  * Resync with latest security updates.
  * SECURITY UPDATE: fix PKI revocation bypass
    - debian/patches/CVE-2013-1865.patch: validate tokens from the backend
    - CVE-2013-1865
  * SECURITY UPDATE: fix EC2-style authentication for disabled users
    - debian/patches/CVE-2013-0282.patch: adjust keystone/contrib/ec2/core.py
      to ensure user and tenant are enabled in EC2
    - CVE-2013-0282
  * SECURITY UPDATE: fix denial of service
    - debian/patches/CVE-2013-1664+1665.patch: disable XML entity parsing
    - CVE-2013-1664
    - CVE-2013-1665

keystone (2012.2.3+stable-20130206-82c87e56-0ubuntu1) quantal-proposed; urgency=low

  [ Adam Gandelman ]
  * Dropped patches, applied upstream:
    - debian/patches/CVE-2013-0247.patch: [bb2226f]
  * Resynchronize with stable/folsom (82c87e56) (LP: #1116671):
    - [bb2226f] Add size validations for /tokens.
    - [ec7b94d] Non-API specific 404 exposes traceback LP: 1089987
    - [70e55f9] SQL backend fails if not all URL are defined in an endpoint
      LP: 1061736
    - [6c95b73] Unparseable endpoint URL's should raise a user friendly error
      LP: 1058494
    - [9e300b7] Test 0.2.0 keystoneclient to avoid new deps
    - [ec06625] serviceCatalog is dict in the case of no endpoints LP: 1087405

  [ Chuck Short ]
  * debian/patches/fix-ubuntu-tests.patch: Refreshed.

Date: 2013-03-22 13:50:13.468674+00:00
Changed-By: James Page <james.page at ubuntu.com>
Signed-By: Clint Byrum <clint at fewbar.com>
https://launchpad.net/ubuntu/quantal/+source/keystone/2012.2.3+stable-20130206-82c87e56-0ubuntu2