[ubuntu/quantal-proposed] keystone 2012.2.4-0ubuntu2 (Accepted)

James Page james.page at ubuntu.com
Tue May 21 10:02:59 UTC 2013


keystone (2012.2.4-0ubuntu2) quantal-proposed; urgency=low

  * Rebase on latest security fixes.
  * SECURITY UPDATE: delete user token immediately upon delete when using v2
    API
    - CVE-2013-2059.patch: adjust keystone/identity/core.py to call
      token_api.delete_token() during delete. Also update test suite.
    - CVE-2013-2059
    - LP: #1166670

keystone (2012.2.4-0ubuntu1) quantal-proposed; urgency=low

  * Dropped patches, applied upstream:
    - debian/patches/CVE-2013-1865.patch: [255b1d4]
    - debian/patches/CVE-2013-0282.patch: [f0b4d30]
    - debian/patches/CVE-2013-1664+1665.patch: [8a22745]
  * Resynchronize with stable/folsom (09f28020) (LP: #1179707):
    - [5ea4fcf] V2 API reported at Beta LP: 1135230
    - [1889299] PKI-signed token hash saved as token ID for SQL backend only
      LP: 1073272
    - [40660f0] Key PKI tokens on hash in memcached for auth_token middleware
      LP: 1073343
    - [b3ce6a7] Use the right subprocess based on os monkeypatch
    - [bb1ded0] keystone-all --config-dir is being ignored LP: 1101129
    - [9e0a97d] Temporary network outage results in connection refused and
      invalid token LP: 1150299
    - [255b1d4] Validation of PKI tokens bypasses revocation check LP: 1129713
    - [8690166] PKI tokens are broken after 24 hours LP: 1074172
    - [790c87e] PKI tokens are broken after 24 hours LP: 1074172
    - [f0b4d30] EC2 authentication does not ensure user or tenant is enabled
      LP: 1121494
    - [8a22745] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282

Date: Fri, 17 May 2013 11:26:24 +0100
Changed-By: James Page <james.page at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/quantal/+source/keystone/2012.2.4-0ubuntu2
-------------- next part --------------
Format: 1.8
Date: Fri, 17 May 2013 11:26:24 +0100
Source: keystone
Binary: python-keystone keystone keystone-doc
Architecture: source
Version: 2012.2.4-0ubuntu2
Distribution: quantal-proposed
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: James Page <james.page at ubuntu.com>
Description: 
 keystone   - OpenStack identity service - Daemons
 keystone-doc - OpenStack identity service - Documentation
 python-keystone - OpenStack identity service - Python library
Launchpad-Bugs-Fixed: 1166670 1179707
Changes: 
 keystone (2012.2.4-0ubuntu2) quantal-proposed; urgency=low
 .
   * Rebase on latest security fixes.
   * SECURITY UPDATE: delete user token immediately upon delete when using v2
     API
     - CVE-2013-2059.patch: adjust keystone/identity/core.py to call
       token_api.delete_token() during delete. Also update test suite.
     - CVE-2013-2059
     - LP: #1166670
 .
 keystone (2012.2.4-0ubuntu1) quantal-proposed; urgency=low
 .
   * Dropped patches, applied upstream:
     - debian/patches/CVE-2013-1865.patch: [255b1d4]
     - debian/patches/CVE-2013-0282.patch: [f0b4d30]
     - debian/patches/CVE-2013-1664+1665.patch: [8a22745]
   * Resynchronize with stable/folsom (09f28020) (LP: #1179707):
     - [5ea4fcf] V2 API reported at Beta LP: 1135230
     - [1889299] PKI-signed token hash saved as token ID for SQL backend only
       LP: 1073272
     - [40660f0] Key PKI tokens on hash in memcached for auth_token middleware
       LP: 1073343
     - [b3ce6a7] Use the right subprocess based on os monkeypatch
     - [bb1ded0] keystone-all --config-dir is being ignored LP: 1101129
     - [9e0a97d] Temporary network outage results in connection refused and
       invalid token LP: 1150299
     - [255b1d4] Validation of PKI tokens bypasses revocation check LP: 1129713
     - [8690166] PKI tokens are broken after 24 hours LP: 1074172
     - [790c87e] PKI tokens are broken after 24 hours LP: 1074172
     - [f0b4d30] EC2 authentication does not ensure user or tenant is enabled
       LP: 1121494
     - [8a22745] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
Checksums-Sha1: 
 0ad846364e6ed27872f065df7d2a335096f7f2a3 2506 keystone_2012.2.4-0ubuntu2.dsc
 08f7dab5369bca6bee7f13827a513f94dde7f85a 17627 keystone_2012.2.4-0ubuntu2.debian.tar.gz
Checksums-Sha256: 
 1fb72822869f0208dc1067b535064c7cb98d159e161a83ed7eaeb39b37424e05 2506 keystone_2012.2.4-0ubuntu2.dsc
 21f8a3f82c1e647c24ea805acf411abdeb4fa45c8eb18d74dd67457f0fd8826a 17627 keystone_2012.2.4-0ubuntu2.debian.tar.gz
Files: 
 1040a2419c657e4ef552fcded8720fe5 2506 net extra keystone_2012.2.4-0ubuntu2.dsc
 d922b93e4a523437e548c4fa10b7784a 17627 net extra keystone_2012.2.4-0ubuntu2.debian.tar.gz
Original-Maintainer: Monty Taylor <mordred at inaugust.com>

