[Openstack-devel] Bug#731981: keystone: CVE-2013-6391: Keystone trust circumvention through EC2-style tokens

Salvatore Bonaccorso carnil at debian.org
Wed Dec 11 22:11:26 UTC 2013


Package: keystone
Version: 2013.2-4
Severity: grave
Tags: security upstream patch

Hi Thomas,

the following vulnerability was published for keystone.

CVE-2013-6391[0]:
Keystone trust circumvention through EC2-style tokens

Upstream bug report is at [1]. keystone in wheezy does not seem to be
affected, at least I have not found the vulnerable code (and upstream
also says it affects only (grizzly), havana and later).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6391
    http://security-tracker.debian.org/tracker/CVE-2013-6391
[1] https://launchpad.net/bugs/1242597
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1039164

Regards, and thanks for your work.

Salvatore


