~yolanda.robla/keystone/precise-essex-proposed

Viewing all changes in revision 144.

  • Committer: yolanda.robla at canonical
  • Date: 2013-04-11 07:45:30 UTC
  • Revision ID: yolanda.robla@canonical.com-20130411074530-kcr1rfquoaiphyz5
[ Jamie Strandboge ]
* SECURITY UPDATE: fix token creation error handling 
  - debian/patches/CVE-2013-0247.patch: validate size of user_id, username,
    password, tenant_name, tenant_id and token size to help guard against a
    denial of service via large log files filling the disk
  - CVE-2013-0247
    LP: 1121494 (CVE-2013-0282)
  - [8945567] DoS through XML entity expansion (CVE-2013-1664, CVE-2013-1665)
  - LP: 1100282, LP: 1100279
    tenant (LP: #1064914) - CVE-2012-5571
    (LP: #1040626) CVE-2012-3542

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: