« back to all changes in this revision
Viewing changes to .pc/update_certs.patch/tests/signing/auth_token_revoked.json
- Committer: Package Import Robot
- Date: 2013-06-13 13:42:44 UTC
- mfrom: (35.1.6 quantal-proposed)
- Revision ID: package-import@ubuntu.com-20130613134244-mle4ueu39urzeknr
* SECURITY UPDATE: fix auth_token middleware neglects to check expiry of
signed token when using PKI
- debian/patches/CVE-2013-2104.patch: explicitly check the expiry on the
tokens, and reject tokens that have expired. Also update test data
- CVE-2013-2104
- LP: #1179615
* debian/patches/fix-testsuite-for-2038-problem.patch: Adjust json example
cert data to use 2037 instead of 2112 and regenerate the certs. Also
adjust token expiry data to use 2037 instead of 2999.
* SECURITY UPDATE: fix authentication bypass when using LDAP backend
- debian/patches/CVE-2013-2157.patch: identity/backends/ldap/core.py is
adjusted to raise an assertion for invalid password when using LDAP and
an empty password is submitted
- CVE-2013-2157
- LP: #1187305
signed token when using PKI
- debian/patches/CVE-2013-2104.patch: explicitly check the expiry on the
tokens, and reject tokens that have expired. Also update test data
- CVE-2013-2104
- LP: #1179615
* debian/patches/fix-testsuite-for-2038-problem.patch: Adjust json example
cert data to use 2037 instead of 2112 and regenerate the certs. Also
adjust token expiry data to use 2037 instead of 2999.
* SECURITY UPDATE: fix authentication bypass when using LDAP backend
- debian/patches/CVE-2013-2157.patch: identity/backends/ldap/core.py is
adjusted to raise an assertion for invalid password when using LDAP and
an empty password is submitted
- CVE-2013-2157
- LP: #1187305
- files added:
- .pc/CVE-2013-2104.patch
- .pc/CVE-2013-2104.patch/keystone
- .pc/CVE-2013-2104.patch/keystone/middleware
- .pc/CVE-2013-2104.patch/tests
- .pc/CVE-2013-2104.patch/tests/signing
- .pc/CVE-2013-2157.patch
- .pc/CVE-2013-2157.patch/keystone
- .pc/CVE-2013-2157.patch/keystone/identity
- .pc/CVE-2013-2157.patch/keystone/identity/backends
- .pc/CVE-2013-2157.patch/keystone/identity/backends/ldap
- .pc/CVE-2013-2157.patch/tests
- .pc/fix-testsuite-for-2038-problem.patch
- .pc/fix-testsuite-for-2038-problem.patch/tests
- .pc/fix-testsuite-for-2038-problem.patch/tests/signing
- .pc/update_certs.patch
- .pc/update_certs.patch/tests
- .pc/update_certs.patch/tests/signing
- files removed:
- .pc/CVE-2013-0282.patch
- .pc/CVE-2013-0282.patch/keystone
- .pc/CVE-2013-0282.patch/keystone/contrib
- .pc/CVE-2013-0282.patch/keystone/contrib/ec2
- .pc/CVE-2013-1664+1665.patch
- .pc/CVE-2013-1664+1665.patch/keystone
- .pc/CVE-2013-1664+1665.patch/keystone/common
- .pc/CVE-2013-1865.patch
- .pc/CVE-2013-1865.patch/keystone
- .pc/CVE-2013-1865.patch/tests
- files modified:
- .pc/applied-patches
added
removed
.pc/update_certs.patch/tests/signing/auth_token_revoked.json
