[Secure-testing-commits] r22945 - data/CVE
Salvatore Bonaccorso
carnil at alioth.debian.org
Mon Jul 15 15:28:28 UTC 2013
Author: carnil
Date: 2013-07-15 15:28:28 +0000 (Mon, 15 Jul 2013)
New Revision: 22945
Modified:
data/CVE/list
Log:
update entry for CVE-2013-2104, keystone (left explicit wheezy-tag due to different not-affected reasoning)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-07-15 15:26:21 UTC (rev 22944)
+++ data/CVE/list 2013-07-15 15:28:28 UTC (rev 22945)
@@ -6264,13 +6264,13 @@
NOT-FOR-US: Show In Browser Ruby Gem
CVE-2013-2104 [Missing expiration check in Keystone PKI tokens validation]
RESERVED
- - keystone <unfixed>
+ - keystone <not-affected> (Vulnerable code only in experimental versions of keystone)
[wheezy] - keystone <not-affected> (PKI token support not yet present)
- python-keystoneclient 1:0.2.5-1
[wheezy] - python-keystoneclient <not-affected> (vulnerable code not present)
NOTE: Keystone Folsom fix: https://review.openstack.org/#/c/30743/
NOTE: python-keystoneclient fix: https://review.openstack.org/#/c/30742/
- TODO: check versions and report to BTS
+ NOTE: Starting with 2013.1-1 code in keystone/middleware/auth_token.py moved to python-keystoneclient
CVE-2013-2103
RESERVED
CVE-2013-2102
More information about the Secure-testing-commits
mailing list