This bug was fixed in the package keystone - 2012.1.3+stable-20130423-f48dd0fc-0ubuntu1

---------------
keystone (2012.1.3+stable-20130423-f48dd0fc-0ubuntu1) precise-proposed; urgency=low

  * Resynchronize with stable/essex (LP: #1089488):
    - [7402f5e] EC2 authentication does not ensure user or tenant is enabled
      LP: 1121494
    - [8945567] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
    - [7b5b72f] Add size validations for /tokens.
    - [ef1e682] docutils 0.10 incompatible with sphinx 1.1.3 LP: 1091333
    - [8735009] Removing user from a tenant isn't invalidating user access to
      tenant (LP: #1064914)
    - [025b1d5] Jenkins jobs fail because of incompatibility between
      sqlalchemy-migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
    - [ddb4019] Open 2012.1.4 development
    - [0e1f05e] memcache driver needs protection against unicode user keys
      (LP: #1056373)
    - [176ee9b] Token invalidation in case of role grant/revoke should be
      limited to affected tenant (LP: #1050025)
    - [58ac669] Token validation includes revoked roles (CVE-2012-4413)
      (LP: #1041396)
    - [cd1e48a] Memcached Token Backend does not support list tokens
      (LP: #1046905)
    - [5438d3b] Update user's default tenant partially succeeds without authz
      (LP: #1040626)
  * Dropped patches, superseded by new snapshot:
    - debian/patches/CVE-2013-0282.patch [7402f5e]
    - debian/patches/CVE-2013-1664+1665.patch [8945567]
    - debian/patches/keystone-CVE-2012-5571.patch [8735009]
    - debian/patches/keystone-CVE-2012-4413.patch [58ac669]
    - debian/patches/keystone-CVE-2012-3542.patch [5438d3b]
  * Refreshed patches:
    - debian/patches/CVE-2013-0247.patch
    - debian/patches/fix-ubuntu-tests.patch

 -- Yolanda <yolanda.ro...@canonical.com>  Tue, 23 Apr 2013 10:30:16 +0200

** Changed in: keystone (Ubuntu Precise)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3542

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-4413

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5571

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0247

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0282

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1664

--
https://bugs.launchpad.net/bugs/1056373

Title:
  memcache driver needs protection against unicode user keys