Comment 34 for bug 1893234

Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package keystone - 2:13.0.4-0ubuntu1~cloud0
---------------

 keystone (2:13.0.4-0ubuntu1~cloud0) xenial-queens; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 keystone (2:13.0.4-0ubuntu1) bionic-security; urgency=medium
 .
   [ Chris MacNaughton ]
   * d/watch: Update to point at opendev.org.
   * New stable point release for OpenStack Queens (LP: #1893234).
     - d/p/0001-fixing-dn-to-id.patch: Dropped. Fixed in upstream
       release.
 .
   [ Corey Bryant ]
   * SECURITY UPDATE: EC2 and/or credential endpoints are not protected
     from a scoped context. Keystone V3 /credentials endpoint policy
     logic allows changing the credentials owner or target project ID.
     - debian/patches/CVE-2020-12689-CVE-2020-12691.patch: Fix security
       issues with EC2 credentials, addressing several issues in the
       creation and use of EC2/S3 credentials with keystone tokens.
     - CVE-2020-12689, CVE-2020-12691
   * SECURITY UPDATE: OAuth1 request token authorize silently ignores
     roles parameter.
     - debian/patches/CVE-2020-12690.patch: Ensure OAuth1 authorized
       roles are respected.
     - CVE-2020-12691
   * SECURITY UPDATE: Keystone doesn't check signature TTL of the EC2
     credential auth method.
     - debian/patches/CVE-2020-12692.patch: Check timestamp of signed
       EC2 token request.
     - CVE-2020-12692
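The last entry (CVE-2020-12692) describes the class of bug where a signed EC2 token request carries a timestamp that the server never checks, so a captured request can be replayed indefinitely. The check below is an added illustration written for this page, not keystone's patch and not code from the changelog author: it parses the two timestamp forms an EC2-style signature normally carries (the `Timestamp` query parameter and the SigV4 `X-Amz-Date` parameter or header) and rejects requests that are missing a timestamp, carry a malformed one, or fall outside a replay window. The 15-minute window, the header/parameter lookup order and the sample requests are assumptions chosen for the example; the page does not state keystone's threshold.

```python
from datetime import datetime, timedelta, timezone

# Replay window. AWS SigV4 rejects requests more than 15 minutes from server
# time; keystone's own threshold is not stated on this page, so this value is
# an assumption for the example.
MAX_SKEW = timedelta(minutes=15)

# Accepted on-the-wire formats, tried in order.
_FORMATS = (
    "%Y%m%dT%H%M%SZ",         # X-Amz-Date, SigV4 "basic" ISO 8601
    "%Y-%m-%dT%H:%M:%SZ",     # Timestamp, SigV2 style
    "%Y-%m-%dT%H:%M:%S.%fZ",  # Timestamp with fractional seconds
)


def parse_request_timestamp(params, headers):
    """Return the request's timestamp as an aware UTC datetime, or None.

    params/headers are plain dicts of the signed request. The timestamp only
    protects against replay if it is part of the string the client signed;
    this example assumes the signature check has already passed and covers it.
    """
    raw = (params.get("Timestamp")
           or params.get("X-Amz-Date")
           or headers.get("X-Amz-Date"))
    if not raw:
        return None
    for fmt in _FORMATS:
        try:
            return datetime.strptime(raw, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None  # present but unparsable: treat as missing, never as "fresh"


def check_timestamp(params, headers, now=None):
    """Return (accepted, reason) for a signed request's timestamp.

    Rejects missing, malformed and stale timestamps. abs() is used so a
    timestamp far in the future (a client clock skewed forward, or a
    pre-signed request saved for later) is refused as well.
    """
    now = now or datetime.now(timezone.utc)
    ts = parse_request_timestamp(params, headers)
    if ts is None:
        return False, "missing or malformed timestamp"
    if abs(now - ts) > MAX_SKEW:
        return False, "timestamp outside replay window"
    return True, "ok"


def demo():
    """Run constructed sample requests against a fixed clock.

    All inputs here are made up for the example; they are not captured
    keystone traffic.
    """
    now = datetime(2020, 8, 28, 12, 0, 0, tzinfo=timezone.utc)
    samples = {
        "fresh_sigv2": ({"Timestamp": "2020-08-28T11:55:00Z"}, {}),
        "fresh_sigv4_header": ({}, {"X-Amz-Date": "20200828T120500Z"}),
        "replayed_two_hours_old": ({"Timestamp": "2020-08-28T10:00:00Z"}, {}),
        "no_timestamp": ({}, {}),
        "garbage_timestamp": ({"Timestamp": "yesterday"}, {}),
    }
    return {name: check_timestamp(p, h, now)[0]
            for name, (p, h) in samples.items()}


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:24s} {'accept' if accepted else 'reject'}")
```

The "replayed_two_hours_old" case is the one the unpatched server would have accepted: the signature is still valid, only the timestamp gives away that the request is old. Note also that the check must run only after the signature itself has been verified, otherwise an attacker can simply rewrite the timestamp on a captured request.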