~ubuntu-branches/ubuntu/quantal/keystone/quantal-updates

Viewing all changes in revision 42.

  • Committer: Package Import Robot
  • Author(s): Jamie Strandboge
  • Date: 2013-06-13 13:42:44 UTC
  • mfrom: (38.1.2 quantal-security)
  • Revision ID: package-import@ubuntu.com-20130613134244-dg7992be35lkhthe
  • Tags: 2012.2.4-0ubuntu3.1

* SECURITY UPDATE: fix auth_token middleware neglects to check expiry of
  signed token when using PKI
  - debian/patches/CVE-2013-2104.patch: explicitly check the expiry on the
    tokens, and reject tokens that have expired. Also update test data
  - CVE-2013-2104
  - LP: #1179615
* debian/patches/fix-testsuite-for-2038-problem.patch: Adjust json example
  cert data to use 2037 instead of 2112 and regenerate the certs. Also
  adjust token expiry data to use 2037 instead of 2999.
* SECURITY UPDATE: fix authentication bypass when using LDAP backend
  - debian/patches/CVE-2013-2157.patch: identity/backends/ldap/core.py is
    adjusted to raise an assertion for invalid password when using LDAP and
    an empty password is submitted
  - CVE-2013-2157
  - LP: #1187305
