UbuntuUpdates.org

Package "barbican"

Name: barbican

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • OpenStack Key Management Service - API Server
  • OpenStack Key Management Service - common files
  • OpenStack Key Management Service - doc
  • OpenStack Key Management Service - Keystone Listener

Latest version: 1:10.1.0-0ubuntu2.2
Release: focal (20.04)
Level: updates
Repository: main


Other versions of "barbican" in Focal

Repository Area Version
base main 1:10.0.0~b2~git2020020508.7b14d983-0ubuntu3
security main 1:10.1.0-0ubuntu2.2


Changelog

Version: 1:10.1.0-0ubuntu2.2 2022-10-25 14:07:19 UTC

  barbican (1:10.1.0-0ubuntu2.2) focal-security; urgency=medium

  * SECURITY UPDATE: access policy bypass via query string injection
    - debian/patches/CVE-2022-3100.patch: don't use contents of query
      string in barbican/api/controllers/__init__.py.
    - CVE-2022-3100

 -- Marc Deslauriers <email address hidden> Wed, 05 Oct 2022 09:31:21 -0400

CVE-2022-3100 access policy bypass via query string injection

Version: 1:10.1.0-0ubuntu2.1 2022-04-25 16:06:24 UTC

  barbican (1:10.1.0-0ubuntu2.1) focal-security; urgency=medium

  * SECURITY UPDATE: Access restrictions bypass
    - debian/patches/CVE-2022-23451.patch: Change access policies to
      secret metadata in barbican/common/policies/secretmeta.py. Add a new
      role in barbican/common/policies/base.py and make use of these changes
      in barbican/api/controllers/__init__.py,
      barbican/api/controllers/secretmeta.py and
      barbican/api/controllers/secrets.py.
    - debian/patches/CVE-2022-23451-post.patch: Change secret policies in
      barbican/common/policies/secrets.py, add tests in
      barbican/tests/api/test_resources_policy.py and
      functionaltests/api/v1/functional/test_secrets_rbac.py and update
      api guide in api-guide/source/acls.rst.
    - CVE-2022-23451
  * SECURITY UPDATE: Ownership bypass
    - debian/patches/CVE-2022-23452.patch: Update container secret policies
      in barbican/common/policies/containers.py and add a new role in
      barbican/common/policies/base.py.
    - CVE-2022-23452

 -- Rodrigo Figueiredo Zaiden <email address hidden> Wed, 20 Apr 2022 18:00:29 -0300


Version: 1:10.1.0-0ubuntu2 2021-11-25 12:06:20 UTC

  barbican (1:10.1.0-0ubuntu2) focal; urgency=medium

  * d/p/fix-castellan-secret-store-encoding.patch: Fix inconsistent encoding
    of SecretDTO objects (LP: #1946787).

 -- Corey Bryant <email address hidden> Mon, 01 Nov 2021 14:09:38 -0400

1946787 [SRU] Fix inconsistent encoding secret encoding

Version: 1:10.1.0-0ubuntu1 2021-10-19 16:06:23 UTC

  barbican (1:10.1.0-0ubuntu1) focal; urgency=medium

  * d/watch: Add trailing slash to URL.
  * d/watch: Fix version string parsing.
  * New stable point release for OpenStack Ussuri (LP: #1943712).
  * d/p/resolve-alembic-migration-issue-mysql8.patch: Removed after
    inclusion in upstream release.

 -- Chris MacNaughton <email address hidden> Fri, 17 Sep 2021 10:05:07 +0000


Version: 1:10.0.0-0ubuntu0.20.04.3 2021-03-25 12:06:47 UTC

  barbican (1:10.0.0-0ubuntu0.20.04.3) focal; urgency=medium

  * d/p/resolve-alembic-migration-issue-mysql8.patch: Update .egg-info/SOURCES.txt
    to include new migration and remove old migration.



