OSSA sent: https://lists.launchpad.net/openstack/msg17034.html
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/1006815
Title:
Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/rol
Description looks good to me.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/1006815
Title:
Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't
validate token
To m
russel - description is good, run with it.
** Description changed:
Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't
- validate token
+ validate the authentication token before returning a response.
- we can get the same result without a token in HTTP head.
+ i.e. we can get
Please review this vulnerability description. Once confirmed it will go
out in an OSSA. This applies to this bug as well as bug 1006822.
Title: Some actions in Keystone admin API do not validate token
Impact: High
Reporter: Jason Xu
Products: Keystone
Affects: Essex (prior to 2012.1.2), Folsom
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-4456
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/1006815
Title:
Admin API /v2.0/tenants/{tenant_id}/users/{
** Changed in: keystone
Milestone: folsom-2 => 2012.2
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/1006815
Title:
Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles do
** This bug has been flagged as a security vulnerability
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/1006815
Title:
Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doe
This bug was fixed in the package keystone -
2012.1+stable~20120824-a16a0ab9-0ubuntu2
---
keystone (2012.1+stable~20120824-a16a0ab9-0ubuntu2) precise-proposed;
urgency=low
* New upstream release (LP: #1041120):
- debian/patches/0013-Flush-tenant-membership-deletion-before-user.
Test coverage log.
** Attachment added: "2012.1+stable~20120824-a16a0ab9-0ubuntu2.log"
https://bugs.launchpad.net/bugs/1006815/+attachment/3283183/+files/2012.1%2Bstable%7E20120824-a16a0ab9-0ubuntu2.log
** Tags added: verification-done
--
You received this bug notification because you are a
** Branch linked: lp:ubuntu/precise-proposed/keystone
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/1006815
Title:
Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn'
** Changed in: keystone (Ubuntu)
Status: New => Fix Released
** Changed in: keystone (Ubuntu Precise)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net
The attachment "keystone_tenant_api_bug.patch" of this bug report has
been identified as being a patch. The ubuntu-reviewers team has been
subscribed to the bug report so that they can review the patch. In the
event that this is in fact not a patch you can resolve this situation by
removing the t
** Also affects: keystone (Ubuntu)
Importance: Undecided
Status: New
** Also affects: keystone (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: keystone (Ubuntu Quantal)
Importance: Undecided
Status: New
--
You received this bug notification beca
13 matches
Mail list logo