[Openstack-devel] Bug#712160: Bug#712160: keystone: CVE-2013-2157 - authentication bypass when using LDAP backend

Prach Pongpanich prachpub at gmail.com
Thu Jun 13 17:27:26 UTC 2013


On Thu, Jun 13, 2013 at 11:29 PM, Yves-Alexis Perez <corsac at debian.org> wrote:
> Package: keystone
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Hi,
>
> a vulnerability was recently reported against keystone. See
> http://article.gmane.org/gmane.comp.security.oss.general/10412 for the
> detailed mail.
>
> Please include the CVE number in the changelog entry when uploading, and
> please contact the security team for uploads targeting stable/oldstable
> if needed.
>
> Regards,

Thanks Yves-Alexis!

I'm attaching the patches for both the Wheezy and Unstable versions
of Keystone (Folsom and Grizzly, respectively).

Regards,
 Prach
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2013-2157_folsom_Authentication_bypass_when_using_LDAP_backend.patch
Type: application/octet-stream
Size: 2877 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/openstack-devel/attachments/20130614/5fcc3e1b/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2013-2157_grizzly_Authentication_bypass_when_using_LDAP_backend.patch
Type: application/octet-stream
Size: 2948 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/openstack-devel/attachments/20130614/5fcc3e1b/attachment-0003.obj>