[PKG-Openstack-devel] Bug#749026: keystone: CVE-2014-0204: nproper role assignments to users
Salvatore Bonaccorso
carnil at debian.org
Fri May 23 05:16:25 UTC 2014
Source: keystone
Severity: grave
Tags: security upstream
Hi Thomas,
the following vulnerability was published for keystone.
CVE-2014-0204[0]:
Keystone user and group id mismatch
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0204
https://security-tracker.debian.org/tracker/CVE-2014-0204
[1] https://bugs.launchpad.net/keystone/%2Bbug/1309228
>From advisory (code not checked) it looks wheezy version should not be
affected, but could you please adjust the affected versions in the BTS
as needed?
Regards,
Salvatore
More information about the Openstack-devel
mailing list