diff -Nru python-oslo.middleware-3.8.0/debian/changelog python-oslo.middleware-3.8.0/debian/changelog
--- python-oslo.middleware-3.8.0/debian/changelog 2016-04-04 05:32:16.000000000 -0400
+++ python-oslo.middleware-3.8.0/debian/changelog 2018-05-10 10:00:18.000000000 -0400
@@ -1,3 +1,12 @@
+python-oslo.middleware (3.8.0-2ubuntu1) xenial-security; urgency=medium
+
+ * SECURITY UPDATE: Information disclosure in log file (LP: #1628031)
+ - d/p/filter-token-data-out-of-catch_errors-middleware.patch:
+ ensure sensitive token data is not written to log file.
+ - CVE-2017-2592
+
+ -- Corey Bryant Thu, 10 May 2018 10:00:18 -0400
+
 python-oslo.middleware (3.8.0-2) unstable; urgency=medium
 
 * Uploading to unstable.
diff -Nru python-oslo.middleware-3.8.0/debian/patches/filter-token-data-out-of-catch_errors-middleware.patch python-oslo.middleware-3.8.0/debian/patches/filter-token-data-out-of-catch_errors-middleware.patch
--- python-oslo.middleware-3.8.0/debian/patches/filter-token-data-out-of-catch_errors-middleware.patch 1969-12-31 19:00:00.000000000 -0500
+++ python-oslo.middleware-3.8.0/debian/patches/filter-token-data-out-of-catch_errors-middleware.patch 2018-05-10 10:00:18.000000000 -0400
@@ -0,0 +1,90 @@
+From ec073669a49267abcb0c1d776b9050342dac5a4a Mon Sep 17 00:00:00 2001
+From: Jamie Lennox
+Date: Wed, 28 Sep 2016 15:03:53 +1000
+Subject: [PATCH] Filter token data out of catch_errors middleware
+
+If an exception is caught by the catch_errors middleware the entire
+request is dumped into the log including sensitive information like
+tokens. Filter that information before outputting the failed request.
+
+Closes-Bug: #1628031
+Change-Id: I2563403993513c37751576223275350cac2e0937
+---
+ oslo_middleware/catch_errors.py | 6 +++++-
+ oslo_middleware/tests/test_catch_errors.py | 25 ++++++++++++++++++++++
+ 2 files changed, 30 insertions(+), 1 deletion(-)
+
+diff --git a/oslo_middleware/catch_errors.py b/oslo_middleware/catch_errors.py
+index 43d085f..0934fc5 100644
+--- a/oslo_middleware/catch_errors.py
++++ b/oslo_middleware/catch_errors.py
+@@ -14,6 +14,7 @@
+ # under the License.
+ 
+ import logging
++import re
+ 
+ import webob.dec
+ import webob.exc
+@@ -24,6 +25,8 @@ from oslo_middleware import base
+ 
+ LOG = logging.getLogger(__name__)
+ 
++_TOKEN_RE = re.compile('^(X-\w+-Token):.*$', flags=re.MULTILINE)
++
+ 
+ class CatchErrors(base.ConfigurableMiddleware):
+ """Middleware that provides high-level error handling.
+@@ -37,7 +40,8 @@ class CatchErrors(base.ConfigurableMiddleware):
+ try:
+ response = req.get_response(self.application)
+ except Exception:
++ req_str = _TOKEN_RE.sub(r'\1: ', req.as_text())
+ LOG.exception(_LE('An error occurred during '
+- 'processing the request: %s'), req)
++ 'processing the request: %s'), req_str)
+ response = webob.exc.HTTPInternalServerError()
+ return response
+diff --git a/oslo_middleware/tests/test_catch_errors.py b/oslo_middleware/tests/test_catch_errors.py
+index 920bbe2..0b675e2 100644
+--- a/oslo_middleware/tests/test_catch_errors.py
++++ b/oslo_middleware/tests/test_catch_errors.py
+@@ -13,6 +13,7 @@
+ # License for the specific language governing permissions and limitations
+ # under the License.
+ 
++import fixtures
+ import mock
+ from oslotest import base as test_base
+ import webob.dec
+@@ -45,3 +46,27 @@ class CatchErrorsTest(test_base.BaseTestCase):
+ self._test_has_request_id(application,
+ webob.exc.HTTPInternalServerError.code)
+ self.assertEqual(1, log_exc.call_count)
++
++ def test_filter_tokens_from_log(self):
++ logger = self.useFixture(fixtures.FakeLogger(nuke_handlers=False))
++
++ @webob.dec.wsgify
++ def application(req):
++ raise Exception()
++
++ app = catch_errors.CatchErrors(application)
++ req = webob.Request.blank('/test',
++ text=u'test data',
++ method='POST',
++ headers={'X-Auth-Token': 'secret1',
++ 'X-Service-Token': 'secret2',
++ 'X-Other-Token': 'secret3'})
++ res = req.get_response(app)
++ self.assertEqual(500, res.status_int)
++
++ output = logger.output
++
++ self.assertIn('X-Auth-Token: ', output)
++ self.assertIn('X-Service-Token: ', output)
++ self.assertIn('X-Other-Token: ', output)
++ self.assertIn('test data', output)
+-- 
+2.17.0
+
diff -Nru python-oslo.middleware-3.8.0/debian/patches/series python-oslo.middleware-3.8.0/debian/patches/series
--- python-oslo.middleware-3.8.0/debian/patches/series 2016-04-04 05:32:16.000000000 -0400
+++ python-oslo.middleware-3.8.0/debian/patches/series 2018-05-10 10:00:12.000000000 -0400
@@ -1 +1,2 @@
 remove-privacy-breach-in-README.rst.patch
+filter-token-data-out-of-catch_errors-middleware.patch
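Review bot: The assertions added in test_filter_tokens_from_log only show that the header names survive, not that the values were removed — `'X-Auth-Token: secret1'` contains `'X-Auth-Token: '`, so the test passes even if no redaction happened; add `self.assertNotIn('secret1', output)` (and the same for `secret2` and `secret3`) after the existing `assertIn` calls. The filter in catch_errors.py is also narrower than the commit message suggests: `^(X-\w+-Token):.*$` redacts only single-word `X-<name>-Token` headers, so a name such as `X-Foo-Bar-Token` (`\w` excludes `-`), an `Authorization:` header, and the request body — which the test confirms is still logged in full via `'test data'` — all reach the log unchanged; consider `r'^(X-[\w-]+-Token|Authorization):.*$'` and deciding explicitly whether the body should be logged at all. Whether `req.as_text()` always emits header names in this capitalisation is not visible here; if it does not, `re.IGNORECASE` is needed as well. Separately, the pattern is a non-raw string containing `\w`, an invalid escape that newer Python versions warn about — write it as `r'^(X-\w+-Token):.*$'`. The method enclosing the `except Exception:` block starts outside the hunk.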