[Bug 1116671] Re: Meta bug for tracking Openstack 2012.2.3 Stable Update
Launchpad Bug Tracker
1116671 at bugs.launchpad.net
Thu Apr 25 16:54:34 UTC 2013
This bug was fixed in the package keystone -
2012.2.3+stable-20130206-82c87e56-0ubuntu2
---------------
keystone (2012.2.3+stable-20130206-82c87e56-0ubuntu2) quantal-proposed; urgency=low
* Resync with latest security updates.
* SECURITY UPDATE: fix PKI revocation bypass
- debian/patches/CVE-2013-1865.patch: validate tokens from the backend
- CVE-2013-1865
* SECURITY UPDATE: fix EC2-style authentication for disabled users
- debian/patches/CVE-2013-0282.patch: adjust keystone/contrib/ec2/core.py
to ensure user and tenant are enabled in EC2
- CVE-2013-0282
* SECURITY UPDATE: fix denial of service
- debian/patches/CVE-2013-1664+1665.patch: disable XML entity parsing
- CVE-2013-1664
- CVE-2013-1665
-- James Page <james.page at ubuntu.com> Fri, 22 Mar 2013 12:02:56 +0000
** Changed in: cinder (Ubuntu Quantal)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1116671
Title:
Meta bug for tracking Openstack 2012.2.3 Stable Update
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1116671/+subscriptions
More information about the Ubuntu-server-bugs
mailing list