This bug was fixed in the package keystone - 2012.2.3+stable-20130206-82c87e56-0ubuntu2
--------------- keystone (2012.2.3+stable-20130206-82c87e56-0ubuntu2) quantal-proposed; urgency=low
* Resync with latest security updates. * SECURITY UPDATE: fix PKI revocation bypass - debian/patches/CVE-2013-1865.patch: validate tokens from the backend - CVE-2013-1865 * SECURITY UPDATE: fix EC2-style authentication for disabled users - debian/patches/CVE-2013-0282.patch: adjust keystone/contrib/ec2/core.py to ensure user and tenant are enabled in EC2 - CVE-2013-0282 * SECURITY UPDATE: fix denial of service - debian/patches/CVE-2013-1664+1665.patch: disable XML entity parsing - CVE-2013-1664 - CVE-2013-1665 -- James Page <email address hidden> Fri, 22 Mar 2013 12:02:56 +0000
This bug was fixed in the package keystone - 2012.2. 3+stable- 20130206- 82c87e56- 0ubuntu2
--------------- 3+stable- 20130206- 82c87e56- 0ubuntu2) quantal-proposed; urgency=low
keystone (2012.2.
* Resync with latest security updates. patches/ CVE-2013- 1865.patch: validate tokens from the backend patches/ CVE-2013- 0282.patch: adjust keystone/ contrib/ ec2/core. py patches/ CVE-2013- 1664+1665. patch: disable XML entity parsing
* SECURITY UPDATE: fix PKI revocation bypass
- debian/
- CVE-2013-1865
* SECURITY UPDATE: fix EC2-style authentication for disabled users
- debian/
to ensure user and tenant are enabled in EC2
- CVE-2013-0282
* SECURITY UPDATE: fix denial of service
- debian/
- CVE-2013-1664
- CVE-2013-1665
-- James Page <email address hidden> Fri, 22 Mar 2013 12:02:56 +0000