~openstack-ubuntu-testing/keystone/folsom

Viewing all changes in revision 161.

  • Committer: James Page
  • Date: 2013-03-22 14:12:31 UTC
  • mfrom: (160.1.2 keystone)
  • Revision ID: james.page@canonical.com-20130322141231-d9e135wqzeq7ecqs
* Resync with latest security updates.
* SECURITY UPDATE: fix PKI revocation bypass
  - debian/patches/CVE-2013-1865.patch: validate tokens from the backend
  - CVE-2013-1865
* SECURITY UPDATE: fix EC2-style authentication for disabled users
  - debian/patches/CVE-2013-0282.patch: adjust keystone/contrib/ec2/core.py
    to ensure user and tenant are enabled in EC2
  - CVE-2013-0282
* SECURITY UPDATE: fix denial of service
  - debian/patches/CVE-2013-1664+1665.patch: disable XML entity parsing
  - CVE-2013-1664
  - CVE-2013-1665
* SECURITY UPDATE: fix PKI revocation bypass
  - debian/patches/CVE-2013-1865.patch: validate tokens from the backend
  - CVE-2013-1865
  - LP: #1129713

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: