Package "keystone"
WARNING: the "keystone" package was deleted from this repository
Name: |
keystone
|
Description: |
OpenStack identity service - Daemons
|
Latest version: |
*DELETED* |
Release: |
precise (12.04) |
Level: |
proposed |
Repository: |
main |
Homepage: |
http://launchpad.net/keystone |
Links
Download "keystone"
Other versions of "keystone" in Precise
Packages in group
Deleted packages are displayed in grey.
Changelog
keystone (2012.1.3+stable-20130423-f48dd0fc-0ubuntu1) precise-proposed; urgency=low
* Resynchronize with stable/essex (LP: #1089488):
- [7402f5e] EC2 authentication does not ensure user or tenant is enabled
LP: 1121494
- [8945567] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
- [7b5b72f] Add size validations for /tokens.
- [ef1e682] docutils 0.10 incompatible with sphinx 1.1.3 LP: 1091333
- [8735009] Removing user from a tenant isn't invalidating user access to
tenant (LP: #1064914)
- [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
- [ddb4019] Open 2012.1.4 development
- [0e1f05e] memcache driver needs protection against unicode user keys
(LP: #1056373)
- [176ee9b] Token invalidation in case of role grant/revoke should be
limited to affected tenant (LP: #1050025)
- [58ac669] Token validation includes revoked roles (CVE-2012-4413)
(LP: #1041396)
- [cd1e48a] Memcached Token Backend does not support list tokens
(LP: #1046905)
- [5438d3b] Update user's default tenant partially succeeds without authz
(LP: #1040626)
* Dropped patches, superseeded by new snapshot:
- debian/patches/CVE-2013-0282.patch [7402f5e]
- debian/patches/CVE-2013-1664+1665.patch [8945567]
- debian/patches/keystone-CVE-2012-5571.patch [8735009]
- debian/patches/keystone-CVE-2012-4413.patch [58ac669]
- debian/patches/keystone-CVE-2012-3542.patch [5438d3b]
* Refreshed patches:
- debian/patches/CVE-2013-0247.patch
- debian/patches/fix-ubuntu-tests.patch
-- Yolanda <email address hidden> Tue, 23 Apr 2013 10:30:16 +0200
|
1089488 |
Meta bug for tracking Openstack Stable Updates |
1064914 |
Removing user from a tenant isn't invalidating user access to tenant |
1056373 |
memcache driver needs protection against unicode user keys |
1050025 |
Token invalidation in case of role grant/revoke should be limited to affected tenant |
1041396 |
Token validation includes revoked roles (CVE-2012-4413) |
1046905 |
Memcached Token Backend does not support list tokens |
1040626 |
Update user's default tenant partially succeeds without authz |
CVE-2013-1664 |
Denial of service via xml entity parsing |
CVE-2012-4413 |
openstack revoking a role does not affect existing tokens |
CVE-2013-0282 |
EC2-style authentication accepts disabled user/tenants |
CVE-2012-5571 |
OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which al |
CVE-2012-3542 |
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to a |
CVE-2013-0247 |
Keystone denial of service through invalid token requests |
|
keystone (2012.1+stable~20120824-a16a0ab9-0ubuntu2) precise-proposed; urgency=low
* New upstream release (LP: #1041120):
- debian/patches/0013-Flush-tenant-membership-deletion-before-user.patch:
Dropped.
* Resynchronize with stable/essex:
- authenticate in ldap backend doesn't return a list of roles
(LP: #1035428)
- LDAP should not check username on "sn" field (LP: #997700)
- Admin API doesn't valid token. (LP: #1006815, #1006822)
- Memcache token backend eventually stops working. (LP: #1012381)
- EC2 credentials not migrated from legacy (diablo) database. (LP: #1016056)
- Deleting tenants or users does not cleanup metadata. (LP: #973243)
- Deleting tenants does not cleanup its user associations. (LP: #974199)
- TokenNotFound not raised in testsuite beacuse of timezone issues. (LP: #983800)
- Token authentication for a user in a disabled tenant does not raise
Unauthorized error. (LP: #988920)
- export_legacy_catalog doesn't convert url names correctly. (LP: #994936)
- Following a password compromise and subsequent password change,
tokens remain valid. (LP: #996595)
- Tokens remain valid after a user account is disabled. (LP: #997194)
-- Adam Gandelman <email address hidden> Fri, 24 Aug 2012 03:34:59 -0400
|
1041120 |
Meta bug for tracking Openstack Stable Updates |
1035428 |
authenticate in ldap backend doesn't return a list of roles |
997700 |
LDAP should not check username on \ |
1006815 |
Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token |
1012381 |
Memcache token backend eventually stops working |
1016056 |
EC2 credentials not migrated from legacy (diablo) database |
973243 |
deleting tenants or users does not clean up metadata |
974199 |
deleting a tenant does not cleanup its user associations |
983800 |
TokenNotFound not raised in testsuite because of timezone issues |
988920 |
Token authentication for a user in a disabled tenant does not raise Unauthorized error |
994936 |
export_legacy_catalog doesn't convert url names correctly |
996595 |
Following a password compromise and subsequent password change, tokens remain valid. |
997194 |
Tokens remain valid after a user account is disabled |
|
About
-
Send Feedback to @ubuntu_updates