Format: 1.8
Date: Thu, 10 Sep 2020 07:14:38 +0000
Source: keystone
Binary: keystone keystone-doc python-keystone
Architecture: source
Version: 2:13.0.4-0ubuntu1~cloud0
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers
Changed-By: Openstack Ubuntu Testing Bot
Description:
 keystone - OpenStack identity service - Daemons
 keystone-doc - OpenStack identity service - Documentation
 python-keystone - OpenStack identity service - Python library
Launchpad-Bugs-Fixed: 1893234
Changes:
 keystone (2:13.0.4-0ubuntu1~cloud0) xenial-queens; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 keystone (2:13.0.4-0ubuntu1) bionic-security; urgency=medium
 .
   [ Chris MacNaughton ]
   * d/watch: Update to point at opendev.org.
   * New stable point release for OpenStack Queens (LP: #1893234).
     - d/p/0001-fixing-dn-to-id.patch: Dropped. Fixed in upstream release.
 .
   [ Corey Bryant ]
   * SECURITY UPDATE: EC2 and/or credential endpoints are not protected
     from a scoped context. Keystone V3 /credentials endpoint policy logic
     allows to change credentials owner or target project ID.
     - debian/patches/CVE-2020-12689-CVE-2020-12691.patch: Fix security
       issues with EC2 credentials, addressing several issues in the
       creation and use of EC2/S3 credentials with keystone tokens.
     - CVE-2020-12689, CVE-2020-12691
   * SECURITY UPDATE: OAuth1 request token authorize silently ignores
     roles parameter.
     - debian/patches/CVE-2020-12690.patch: Ensure OAuth1 authorized roles
       are respected.
     - CVE-2020-12691
   * SECURITY UPDATE: Keystone doesn't check signature TTL of the EC2
     credential auth method.
     - debian/patches/CVE-2020-12692.patch: Check timestamp of signed EC2
       token request.
     - CVE-2020-12692
Checksums-Sha1:
 1f15546d8a0da7e7ad8c586db1ef93b37ede7c78 3975 keystone_13.0.4-0ubuntu1~cloud0.dsc
 75b7a125f2c5d9b9187fede7dc435e7d34bab1a4 1465893 keystone_13.0.4.orig.tar.gz
 54263d9786a9291109fe4bdc7dfcba8ab3772627 30548 keystone_13.0.4-0ubuntu1~cloud0.debian.tar.xz
Checksums-Sha256:
 5d0d511e65d473bc50478a36c3d077fb937cc3a4f131ea14b2244123cf324d6f 3975 keystone_13.0.4-0ubuntu1~cloud0.dsc
 6aa728c6827c62fbc44dbb8aae459de02f0f090eefceb4f1410974ae13d03aaf 1465893 keystone_13.0.4.orig.tar.gz
 57f02d247f0ed730e589d073504bc23fe64103f5d79721c146fc5f829f953799 30548 keystone_13.0.4-0ubuntu1~cloud0.debian.tar.xz
Files:
 a0a59e34c2dcf098e0f84f474e0e5b35 3975 net extra keystone_13.0.4-0ubuntu1~cloud0.dsc
 4b6492fdc07fbcf7b3a21c37b1c422c0 1465893 net extra keystone_13.0.4.orig.tar.gz
 f77cc4c9ede926ede0e0df6d207ecc11 30548 net extra keystone_13.0.4-0ubuntu1~cloud0.debian.tar.xz
Original-Maintainer: Monty Taylor