[Bug 1179707] Re: Meta bug for tracking OpenStack 2012.2.4 Stable Update

Thu Jun 6 04:15:22 UTC 2013

This bug was fixed in the package keystone - 2012.2.4-0ubuntu3

---------------
keystone (2012.2.4-0ubuntu3) quantal-proposed; urgency=low

  * debian/patches/update_certs.patch: Fix FTBFS.  Original SSL certs
    for test suite expired May 18 2013. Cherry-picked regenerated certs
    from stable/folsom commit c14f2789.

keystone (2012.2.4-0ubuntu2) quantal-proposed; urgency=low

  * Rebase on latest security fixes.
  * SECURITY UPDATE: delete user token immediately upon delete when using v2
    API
    - CVE-2013-2059.patch: adjust keystone/identity/core.py to call
      token_api.delete_token() during delete. Also update test suite.
    - CVE-2013-2059
    - LP: #1166670

keystone (2012.2.4-0ubuntu1) quantal-proposed; urgency=low

  * Dropped patches, applied upstream:
    - debian/patches/CVE-2013-1865.patch: [255b1d4]
    - debian/patches/CVE-2013-0282.patch: [f0b4d30]
    - debian/patches/CVE-2013-1664+1665.patch: [8a22745]
  * Resynchronize with stable/folsom (09f28020) (LP: #1179707):
    - [5ea4fcf] V2 API reported at Beta LP: 1135230
    - [1889299] PKI-signed token hash saved as token ID for SQL backend only
      LP: 1073272
    - [40660f0] Key PKI tokens on hash in memcached for auth_token middleware
      LP: 1073343
    - [b3ce6a7] Use the right subprocess based on os monkeypatch
    - [bb1ded0] keystone-all --config-dir is being ignored LP: 1101129
    - [9e0a97d] Temporary network outage results in connection refused and
      invalid token LP: 1150299
    - [255b1d4] Validation of PKI tokens bypasses revocation check LP: 1129713
    - [8690166] PKI tokens are broken after 24 hours LP: 1074172
    - [790c87e] PKI tokens are broken after 24 hours LP: 1074172
    - [f0b4d30] EC2 authentication does not ensure user or tenant is enabled
      LP: 1121494
    - [8a22745] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
 -- James Page <james.page at ubuntu.com>   Wed, 29 May 2013 20:59:34 +0100

** Changed in: keystone (Ubuntu Quantal)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0282

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-1664

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-1865

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2059

** Changed in: nova (Ubuntu Quantal)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0335

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-1838

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2096

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1179707

Title:
  Meta bug for tracking OpenStack 2012.2.4 Stable Update

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1179707/+subscriptions