lp://staging/~gandelman-a/ubuntu/quantal/keystone/missing_cve_patch
Created by
Adam Gandelman
and last modified
- Get this branch:
- bzr branch lp://staging/~gandelman-a/ubuntu/quantal/keystone/missing_cve_patch
Only
Adam Gandelman
can upload to this branch. If you are
Adam Gandelman
please log in for upload directions.
Branch merges
Propose for merging
No branches
dependent on this one.
Branch information
- Owner:
- Adam Gandelman
- Status:
- Development
Recent revisions
- 161. By James Page
-
* Resync with latest security updates.
* SECURITY UPDATE: fix PKI revocation bypass
- debian/patches/ CVE-2013- 1865.patch: validate tokens from the backend
- CVE-2013-1865
* SECURITY UPDATE: fix EC2-style authentication for disabled users
- debian/patches/ CVE-2013- 0282.patch: adjust keystone/ contrib/ ec2/core. py
to ensure user and tenant are enabled in EC2
- CVE-2013-0282
* SECURITY UPDATE: fix denial of service
- debian/patches/ CVE-2013- 1664+1665. patch: disable XML entity parsing
- CVE-2013-1664
- CVE-2013-1665
* SECURITY UPDATE: fix PKI revocation bypass
- debian/patches/ CVE-2013- 1865.patch: validate tokens from the backend
- CVE-2013-1865
- LP: #1129713
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/saucy/keystone