Ubuntu
keystone package

lp:~gandelman-a/ubuntu/quantal/keystone/missing_cve_patch

Created by Adam Gandelman on 2013-05-17 and last modified on 2013-05-17

Get this branch:: bzr branch lp:~gandelman-a/ubuntu/quantal/keystone/missing_cve_patch

Only Adam Gandelman can upload to this branch. If you are Adam Gandelman please log in for upload directions.

No branches dependent on this one.

169. By Adam Gandelman on 2013-05-17: Include CVE-2013-2059.patch.
168. By James Page on 2013-05-17: Re-sync changelog with latest security updates
167. By Adam Gandelman on 2013-05-13: Add meta-bug ref.
166. By Adam Gandelman on 2013-05-13: Fix release.
165. By Adam Gandelman on 2013-05-13: Drop patch as per changelog history.
164. By Adam Gandelman on 2013-05-13: Fix distro release name.
163. By Adam Gandelman on 2013-05-13: Releasing 2012.2.4-0ubuntu1.
162. By Adam Gandelman on 2013-04-23: Resync changelog with current package in quantal-proposed.
161. By James Page on 2013-03-22: * Resync with latest security updates.
* SECURITY UPDATE: fix PKI revocation bypass
  - debian/patches/CVE-2013-1865.patch: validate tokens from the backend
  - CVE-2013-1865
* SECURITY UPDATE: fix EC2-style authentication for disabled users
  - debian/patches/CVE-2013-0282.patch: adjust keystone/contrib/ec2/core.py
    to ensure user and tenant are enabled in EC2
  - CVE-2013-0282
* SECURITY UPDATE: fix denial of service
  - debian/patches/CVE-2013-1664+1665.patch: disable XML entity parsing
  - CVE-2013-1664
  - CVE-2013-1665
* SECURITY UPDATE: fix PKI revocation bypass
  - debian/patches/CVE-2013-1865.patch: validate tokens from the backend
  - CVE-2013-1865
  - LP: #1129713
160. By Adam Gandelman on 2013-02-21: 2012.2.3+stable-20130220-37b35328-0ubuntu1

This branch contains Public information

Everyone can see this information.