This bug was fixed in the package keystone -
2012.2.3+stable-20130206-82c87e56-0ubuntu2
---------------
keystone (2012.2.3+stable-20130206-82c87e56-0ubuntu2) quantal-proposed;
urgency=low
* Resync with latest security updates.
* SECURITY UPDATE: fix PKI revocation bypass
- debian/patches/CVE-2013-1865.patch: validate tokens from the backend
- CVE-2013-1865
* SECURITY UPDATE: fix EC2-style authentication for disabled users
- debian/patches/CVE-2013-0282.patch: adjust keystone/contrib/ec2/core.py
to ensure user and tenant are enabled in EC2
- CVE-2013-0282
* SECURITY UPDATE: fix denial of service
- debian/patches/CVE-2013-1664+1665.patch: disable XML entity parsing
- CVE-2013-1664
- CVE-2013-1665
-- James Page <[email protected]> Fri, 22 Mar 2013 12:02:56 +0000
** Changed in: cinder (Ubuntu Quantal)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1116671
Title:
Meta bug for tracking Openstack 2012.2.3 Stable Update
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1116671/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
