Comment 43 for bug 1041396

OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (stable/essex)

Reviewed: https://review.openstack.org/12870
Committed: http://github.com/openstack/keystone/commit/58ac6691a21675be9e2ffb0f84a05fc3cd4d2e2e
Submitter: Jenkins
Branch: stable/essex

commit 58ac6691a21675be9e2ffb0f84a05fc3cd4d2e2e
Author: Dolph Mathews <email address hidden>
Date: Fri Sep 7 14:55:31 2012 -0500

    Delete user tokens after role grant/revoke

    Delete user tokens when a new role is granted or revoked, in order to
    prevent old tokens from continuing to be valid for the original set of
    roles for the remainder of the token's lifespan.

    Addresses CVE-2012-4413.
    Fixes bug 1041396.

    Change-Id: Ib11b5b3a933c6000afe0c875c3f71f1f101bb202
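
The behaviour the commit message describes, as an added illustration that is not keystone's code: a hypothetical in-memory `IdentityStore` whose tokens snapshot the user's roles at issue time, run once without and once with token deletion on role grant/revoke. All class, method and user names are assumptions, and token expiry is not modelled.

```python
import secrets


class IdentityStore:
    """Hypothetical in-memory identity service (illustration only)."""

    def __init__(self, revoke_on_role_change):
        self.revoke_on_role_change = revoke_on_role_change
        self.roles = {}    # user -> set of role names
        self.tokens = {}   # token id -> (user, roles captured at issue time)

    def issue_token(self, user):
        token_id = secrets.token_hex(16)
        # The token carries a snapshot of the roles held right now.
        self.tokens[token_id] = (user, frozenset(self.roles.get(user, ())))
        return token_id

    def _delete_user_tokens(self, user):
        # Drop every outstanding token of this user; other users are untouched.
        for token_id in [t for t, (u, _) in self.tokens.items() if u == user]:
            del self.tokens[token_id]

    def grant_role(self, user, role):
        self.roles.setdefault(user, set()).add(role)
        if self.revoke_on_role_change:
            self._delete_user_tokens(user)

    def revoke_role(self, user, role):
        self.roles.get(user, set()).discard(role)
        if self.revoke_on_role_change:
            self._delete_user_tokens(user)

    def validate(self, token_id):
        """Return the roles the token carries, or None if it no longer exists."""
        entry = self.tokens.get(token_id)
        return None if entry is None else entry[1]


def stale_token_roles(revoke_on_role_change):
    """Issue a token to an admin, revoke the role, then validate the old token."""
    store = IdentityStore(revoke_on_role_change)
    store.grant_role("alice", "admin")      # constructed sample user and role
    token = store.issue_token("alice")
    store.revoke_role("alice", "admin")
    return store.validate(token)


if __name__ == "__main__":
    print("without deletion:", stale_token_roles(False))
    print("with deletion:   ", stale_token_roles(True))
```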