[PKG-Openstack-devel] Bug#749026: Bug#749026: keystone: CVE-2014-0204: improper role assignments to users
Thomas Goirand
zigo at debian.org
Fri May 23 06:39:20 UTC 2014
On 05/23/2014 01:16 PM, Salvatore Bonaccorso wrote:
> Source: keystone
> Severity: grave
> Tags: security upstream
>
> Hi Thomas,
>
> the following vulnerability was published for keystone.
>
> CVE-2014-0204[0]:
> Keystone user and group id mismatch
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0204
> https://security-tracker.debian.org/tracker/CVE-2014-0204
> [1] https://bugs.launchpad.net/keystone/%2Bbug/1309228
>
> From the advisory (code not checked) it looks like the wheezy version should not be
> affected, but could you please adjust the affected versions in the BTS
> as needed?
>
> Regards,
> Salvatore

Hi Salvatore,

This was already uploaded in version 2014.1-3. I forgot to edit the
debian/changelog for this (I uploaded mistakenly before I was finished
with my work). However, there's an update for the patch which the
package still doesn't have, so I will leave the bug open until I can
find the time to push for an updated patch.

Thanks for your care,

Thomas Goirand (zigo)