[ubuntu/quantal-updates] keystone 2012.2.4-0ubuntu3.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Fri Jun 14 02:58:24 UTC 2013


keystone (2012.2.4-0ubuntu3.1) quantal-security; urgency=low

  * SECURITY UPDATE: fix auth_token middleware neglects to check expiry of
    signed token when using PKI
    - debian/patches/CVE-2013-2104.patch: explicitly check the expiry on the
      tokens, and reject tokens that have expired. Also update test data
    - CVE-2013-2104
    - LP: #1179615
  * debian/patches/fix-testsuite-for-2038-problem.patch: Adjust json example
    cert data to use 2037 instead of 2112 and regenerate the certs. Also
    adjust token expiry data to use 2037 instead of 2999.
  * SECURITY UPDATE: fix authentication bypass when using LDAP backend
    - debian/patches/CVE-2013-2157.patch: identity/backends/ldap/core.py is
      adjusted to raise an assertion for invalid password when using LDAP and
      an empty password is submitted
    - CVE-2013-2157
    - LP: #1187305

Date: 2013-06-13 19:10:17.653943+00:00
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/quantal/+source/keystone/2012.2.4-0ubuntu3.1