barbican 2:13.0.0-0ubuntu1.2 source package in Ubuntu
Changelog
barbican (2:13.0.0-0ubuntu1.2) impish-security; urgency=medium * SECURITY UPDATE: Access restrictions bypass - debian/patches/CVE-2022-23451-1.patch: Change access policies to secret metadata in barbican/common/policies/secretmeta.py. Add a new role in barbican/common/policies/base.py and make use of these changes in barbican/api/controllers/__init__.py, barbican/api/controllers/secretmeta.py and barbican/api/controllers/secrets.py. - debian/patches/CVE-2022-23451-2.patch: Fix secure RBAC rules in barbican/common/policies/secretmeta.py - debian/patches/CVE-2022-23451-post1.patch: Change consumer controller code in barbican/api/controllers/*, change policy rules in barbican/common/policies/consumers.py and add tests in barbican/tests/api/test_resources_policy.py and functionaltests/api/v1/functional/test_acls.py. - debian/patches/CVE-2022-23451-post2.patch: Change secret policies in barbican/common/policies/secrets.py, add tests in barbican/tests/api/test_resources_policy.py and functionaltests/api/v1/functional/test_secrets_rbac.py and update api guide in api-guide/source/acls.rst. - CVE-2022-23451 * SECURITY UPDATE: Ownership bypass - debian/patches/CVE-2022-23452.patch: Update container secret policies in barbican/common/policies/containers.py and add a new role in barbican/common/policies/base.py. - CVE-2022-23452 -- Rodrigo Figueiredo Zaiden <email address hidden> Fri, 08 Apr 2022 15:05:16 -0300
Upload details
- Uploaded by:
- Rodrigo Figueiredo Zaiden
- Uploaded to:
- Impish
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- net
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
barbican_13.0.0.orig.tar.gz | 667.3 KiB | 08a5285d9d283a99d88079ee14c6dde3cd6ffcdaccad6caef1ba8b921576e84e |
barbican_13.0.0-0ubuntu1.2.debian.tar.xz | 20.3 KiB | d60cbb59b60447e97951b752004c637e14a77f906a5c69a24a60641da32489ab |
barbican_13.0.0-0ubuntu1.2.dsc | 4.0 KiB | f2ead95b51aa0675a9af46930c073f2e8ae10c4e85f26e0dea023da3f19c510a |
Available diffs
Binary packages built by this source
- barbican-api: No summary available for barbican-api in ubuntu impish.
No description available for barbican-api in ubuntu impish.
- barbican-common: No summary available for barbican-common in ubuntu impish.
No description available for barbican-common in ubuntu impish.
- barbican-doc: No summary available for barbican-doc in ubuntu impish.
No description available for barbican-doc in ubuntu impish.
- barbican-keystone-listener: No summary available for barbican-keystone-listener in ubuntu impish.
No description available for barbican-
keystone- listener in ubuntu impish.
- barbican-worker: No summary available for barbican-worker in ubuntu impish.
No description available for barbican-worker in ubuntu impish.
- python3-barbican: No summary available for python3-barbican in ubuntu impish.
No description available for python3-barbican in ubuntu impish.