diff -Nru keystone-2012.2~f3/debian/changelog keystone-2012.2~f3/debian/changelog
--- keystone-2012.2~f3/debian/changelog 2012-08-17 08:33:20.000000000 -0700
+++ keystone-2012.2~f3/debian/changelog 2012-09-06 10:51:42.000000000 -0700
@@ -1,3 +1,13 @@
+keystone (2012.2~f3-0ubuntu2) quantal; urgency=low
+
+ * SECURITY UPDATE: tenants are able to be added to users without
+ authorization (LP: #1040626)
+ - debian/patches/keystone-CVE-2012-3542: require authz to update a
+ user's tenant.
+ - CVE-2012-3542
+
+ -- Steve Beattie Thu, 06 Sep 2012 10:51:33 -0700
+
 keystone (2012.2~f3-0ubuntu1) quantal; urgency=low
 
 [ Adam Gandelman ]
diff -Nru keystone-2012.2~f3/debian/patches/keystone-CVE-2012-3542.patch keystone-2012.2~f3/debian/patches/keystone-CVE-2012-3542.patch
--- keystone-2012.2~f3/debian/patches/keystone-CVE-2012-3542.patch 1969-12-31 16:00:00.000000000 -0800
+++ keystone-2012.2~f3/debian/patches/keystone-CVE-2012-3542.patch 2012-09-06 09:36:18.000000000 -0700
@@ -0,0 +1,18 @@
+Origin: https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155
+Subject: Require authz to update user's tenant
+Bug: https://bugs.launchpad.net/keystone/+bug/1040626
+
+CVE-2012-3542
+
+diff --git a/keystone/identity/core.py b/keystone/identity/core.py
+index a0704f1..db3ce31 100644
+--- a/keystone/identity/core.py
++++ b/keystone/identity/core.py
+@@ -436,6 +436,7 @@ def set_user_password(self, context, user_id, user):
+ 
+ def update_user_tenant(self, context, user_id, user):
+ """Update the default tenant."""
++ self.assert_admin(context)
+ # ensure that we're a member of that tenant
+ tenant_id = user.get('tenantId')
+ self.identity_api.add_user_to_tenant(context, tenant_id, user_id)
diff -Nru keystone-2012.2~f3/debian/patches/series keystone-2012.2~f3/debian/patches/series
--- keystone-2012.2~f3/debian/patches/series 2012-08-17 08:33:20.000000000 -0700
+++ keystone-2012.2~f3/debian/patches/series 2012-09-06 09:36:18.000000000 -0700
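Review bot: The docstring of `update_user_tenant` still reads `"""Update the default tenant."""` while the new `self.assert_admin(context)` line makes the operation admin-only, so the method's contract no longer tells a caller that a non-admin token is rejected; I would extend it to `"""Update the default tenant (admin token required)."""`. The backported patch carries only the one-line change and no test for the unauthorized path, so coverage rests entirely on the upstream commit named in the Origin header; a regression test asserting that a non-admin context is refused before `add_user_to_tenant` is reached would pin the fix in this package. The check is placed before `user.get('tenantId')` is read, which is the right order: nothing taken from the request body is acted on until the caller is authorized. The body of `update_user_tenant` appears to continue past the hunk's last context line, and whether the neighbouring method visible in the hunk header, `set_user_password`, carries an equivalent check is not visible here and worth confirming.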
@@ -1,2 +1,3 @@
 fix-ubuntu-tests.patch
 sql_connection.patch
+keystone-CVE-2012-3542.patch