[ubuntu/quantal-security] keystone 2012.2.3+stable-20130206-82c87e56-0ubuntu2.1 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Thu May 16 23:03:17 UTC 2013


keystone (2012.2.3+stable-20130206-82c87e56-0ubuntu2.1) quantal-security; urgency=low

  * SECURITY UPDATE: delete user token immediately upon delete when using v2
    API
    - CVE-2013-2059.patch: adjust keystone/identity/core.py to call
      token_api.delete_token() during delete. Also update test suite.
    - CVE-2013-2059
    - LP: #1166670

keystone (2012.2.3+stable-20130206-82c87e56-0ubuntu2) quantal-proposed; urgency=low

  * Resync with latest security updates.
  * SECURITY UPDATE: fix PKI revocation bypass
    - debian/patches/CVE-2013-1865.patch: validate tokens from the backend
    - CVE-2013-1865
  * SECURITY UPDATE: fix EC2-style authentication for disabled users
    - debian/patches/CVE-2013-0282.patch: adjust keystone/contrib/ec2/core.py
      to ensure user and tenant are enabled in EC2
    - CVE-2013-0282
  * SECURITY UPDATE: fix denial of service
    - debian/patches/CVE-2013-1664+1665.patch: disable XML entity parsing
    - CVE-2013-1664
    - CVE-2013-1665

keystone (2012.2.3+stable-20130206-82c87e56-0ubuntu1) quantal-proposed; urgency=low

  [ Adam Gandelman ]
  * Dropped patches, applied upstream:
    - debian/patches/CVE-2013-0247.patch: [bb2226f]
  * Resynchronize with stable/folsom (82c87e56) (LP: #1116671):
    - [bb2226f] Add size validations for /tokens.
    - [ec7b94d] Non-API specific 404 exposes traceback LP: 1089987
    - [70e55f9] SQL backend fails if not all URL are defined in an endpoint
      LP: 1061736
    - [6c95b73] Unparseable endpoint URL's should raise a user friendly error
      LP: 1058494
    - [9e300b7] Test 0.2.0 keystoneclient to avoid new deps
    - [ec06625] serviceCatalog is dict in the case of no endpoints LP: 1087405

  [ Chuck Short ]
  * debian/patches/fix-ubuntu-tests.patch: Refreshed.

Date: 2013-05-07 19:55:43.241832+00:00
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
https://launchpad.net/ubuntu/quantal/+source/keystone/2012.2.3+stable-20130206-82c87e56-0ubuntu2.1