[Openstack-devel] Bug#731981: keystone: CVE-2013-6391: Keystone trust circumvention through EC2-style tokens
Thomas Goirand
zigo at debian.org
Wed Dec 18 15:49:41 UTC 2013
On 12/12/2013 02:35 PM, Salvatore Bonaccorso wrote:
> Yes thanks for working on this. I'm aware there are other's CVE
> assigned also for the other components, I simply had not yet the
> chance to look at it and reporting it to the BTS. They are at least
> already in the security-tracker marked as TODO: check.
>
> Regards,
> Salvatore
Hi Salvatore,
My last uploads are fixing the following in Sid:
Heat: CVE-2013-6428, CVE-2013-6426.
Nova: CVE-2013-7048, CVE-2013-6419.
Neutron: CVE-2013-6419.
Keystone: CVE-2013-6391.
I haven't had time to check what's going on with Wheezy / OpenStack
Essex, and I don't think I'll have the time to do so in the foreseeable
future (I'll be busy with personal stuff soon).
Cheers,
Thomas
More information about the Openstack-devel
mailing list