~gandelman-a/ubuntu/quantal/keystone/missing_cve

Viewing changes to debian/changelog

2012.2.3+stable-20130220-37b35328-0ubuntu1

added added

removed removed

keystone (2012.2.3+stable-20130220-37b35328-0ubuntu1) quantal-proposed; urgency=low

* Dropped patches, applied upstream:

- debian/patches/CVE-2013-0282.patch: [f0b4d30]

- debian/patches/CVE-2013-1664+1665.patch: [8a22745]

* Resynchronize with stable/folsom (37b35328) (LP: #1116671):

- [f0b4d30] EC2 authentication does not ensure user or tenant is enabled

LP: 1121494

- [8a22745] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282

-- Adam Gandelman <adamg@ubuntu.com> Wed, 20 Feb 2013 16:32:14 -0400

keystone (2012.2.3+stable-20130206-82c87e56-0ubuntu1) quantal-proposed; urgency=low

[ Adam Gandelman ]

-- Adam Gandelman <adamg@ubuntu.com> Wed, 06 Feb 2013 11:13:12 -0400

keystone (2012.2.1-0ubuntu1.2) quantal-security; urgency=low

* SECURITY UPDATE: fix EC2-style authentication for disabled users

- debian/patches/CVE-2013-0282.patch: adjust keystone/contrib/ec2/core.py

to ensure user and tenant are enabled in EC2

- CVE-2013-0282

- LP: #1121494

* SECURITY UPDATE: fix denial of service

- debian/patches/CVE-2013-1664+1665.patch: disable XML entity parsing

- CVE-2013-1664

- CVE-2013-1665

- LP: #1100279

- LP: #1100282

-- Jamie Strandboge <jamie@ubuntu.com> Tue, 19 Feb 2013 11:48:27 -0600

keystone (2012.2.1-0ubuntu1.1) quantal-security; urgency=low

* SECURITY UPDATE: fix token creation error handling