Ubuntu

“keystone” 2012.2.3+stable-20130206-82c87e56-0ubuntu2 source package in The Quantal Quetzal

Publishing history

2012.2.3+stable-20130206-82c87e56-0ubuntu2
SUPERSEDED: Quantal pocket Updates in component main and section net
  • Removed from disk on 2013-05-18.
  • Removal requested on 2013-05-17.
  • Superseded on 2013-05-16 by keystone - 2012.2.3+stable-20130206-82c87e56-0ubuntu2.1
  • Published on 2013-04-25
2012.2.3+stable-20130206-82c87e56-0ubuntu2
DELETED: Quantal pocket Proposed in component main and section net
  • Removed from disk on 2013-05-18.
  • Removal requested on 2013-04-25.
  • Deleted on 2013-04-25 by Adam Conrad

    moved to -updates

  • Published on 2013-04-10

Changelog

keystone (2012.2.3+stable-20130206-82c87e56-0ubuntu2) quantal-proposed; urgency=low

  * Resync with latest security updates.
  * SECURITY UPDATE: fix PKI revocation bypass
    - debian/patches/CVE-2013-1865.patch: validate tokens from the backend
    - CVE-2013-1865
  * SECURITY UPDATE: fix EC2-style authentication for disabled users
    - debian/patches/CVE-2013-0282.patch: adjust keystone/contrib/ec2/core.py
      to ensure user and tenant are enabled in EC2
    - CVE-2013-0282
  * SECURITY UPDATE: fix denial of service
    - debian/patches/CVE-2013-1664+1665.patch: disable XML entity parsing
    - CVE-2013-1664
    - CVE-2013-1665
 -- James Page <email address hidden>   Fri, 22 Mar 2013 12:02:56 +0000