2013-10-21 09:46:29 |
Steven Hardy |
bug |
|
|
added bug |
2013-10-21 09:51:02 |
Steven Hardy |
attachment added |
|
Reproducer script https://bugs.launchpad.net/keystone/+bug/1242597/+attachment/3885983/+files/trust_ec2_test.py |
|
2013-10-21 13:33:36 |
Thierry Carrez |
bug task added |
|
ossa |
|
2013-10-21 13:34:45 |
Thierry Carrez |
keystone: importance |
Undecided |
Critical |
|
2013-10-21 13:34:45 |
Thierry Carrez |
keystone: status |
New |
Confirmed |
|
2013-10-21 13:34:57 |
Thierry Carrez |
ossa: importance |
Undecided |
High |
|
2013-10-21 13:34:57 |
Thierry Carrez |
ossa: status |
New |
Confirmed |
|
2013-10-21 16:10:11 |
Steven Hardy |
keystone: assignee |
|
Steven Hardy (shardy) |
|
2013-10-21 19:06:56 |
Steven Hardy |
attachment added |
|
Proposed fix https://bugs.launchpad.net/keystone/+bug/1242597/+attachment/3886582/+files/0001-Fix-issues-handling-trust-tokens-via-ec2tokens-API.patch |
|
2013-10-22 18:20:21 |
Steven Hardy |
attachment added |
|
Proposed fix, second draft https://bugs.launchpad.net/keystone/+bug/1242597/+attachment/3887645/+files/0001-Fix-issues-handling-trust-tokens-via-ec2tokens-API.patch |
|
2013-10-22 20:06:33 |
Adam Young |
bug |
|
|
added subscriber Jeremy Agee |
2013-10-22 20:06:50 |
Adam Young |
bug |
|
|
added subscriber Jamie Lennox |
2013-10-24 14:40:55 |
Thierry Carrez |
bug |
|
|
added subscriber Dolph Mathews |
2013-10-24 14:41:05 |
Thierry Carrez |
bug |
|
|
added subscriber Adam Young |
2013-10-28 13:25:05 |
Dolph Mathews |
bug |
|
|
added subscriber Matthieu Huin |
2013-11-14 10:43:19 |
Thierry Carrez |
ossa: assignee |
|
Thierry Carrez (ttx) |
|
2013-11-14 15:04:54 |
Thierry Carrez |
ossa: status |
Confirmed |
Triaged |
|
2013-11-19 21:46:19 |
Morgan Fainberg |
attachment added |
|
0001-Fix-issues-handling-trust-tokens-via-ec2tokens-API-MASTER.patch https://bugs.launchpad.net/keystone/+bug/1242597/+attachment/3912878/+files/0001-Fix-issues-handling-trust-tokens-via-ec2tokens-API-MASTER.patch |
|
2013-11-21 21:18:36 |
Morgan Fainberg |
attachment added |
|
0001-Fix-issues-handling-trust-tokens-via-ec2tokens-API-grizzly.patch https://bugs.launchpad.net/keystone/+bug/1242597/+attachment/3914454/+files/0001-Fix-issues-handling-trust-tokens-via-ec2tokens-API-grizzly.patch |
|
2013-11-25 16:02:54 |
Thierry Carrez |
ossa: status |
Triaged |
In Progress |
|
2013-11-26 10:19:11 |
Thierry Carrez |
cve linked |
|
2013-6391 |
|
2013-11-26 10:19:20 |
Thierry Carrez |
summary |
ec2tokens API doesn't handle trust-scoped tokens correctly |
ec2tokens API doesn't handle trust-scoped tokens correctly (CVE-2013-6391) |
|
2013-11-29 07:59:02 |
Thierry Carrez |
bug |
|
|
added subscriber Alan Pevec |
2013-12-03 21:11:39 |
Steven Hardy |
bug |
|
|
added subscriber Steve Baker |
2013-12-06 15:47:32 |
Thierry Carrez |
ossa: assignee |
Thierry Carrez (ttx) |
Jeremy Stanley (fungi) |
|
2013-12-06 16:44:09 |
Jeremy Stanley |
ossa: status |
In Progress |
Fix Committed |
|
2013-12-06 16:44:16 |
Jeremy Stanley |
bug |
|
|
added subscriber Canonical Security Team |
2013-12-11 13:36:43 |
Jeremy Stanley |
information type |
Private Security |
Public Security |
|
2013-12-11 13:38:22 |
OpenStack Infra |
keystone: status |
Confirmed |
In Progress |
|
2013-12-11 13:38:22 |
OpenStack Infra |
keystone: assignee |
Steven Hardy (shardy) |
Jeremy Stanley (fungi) |
|
2013-12-11 13:57:57 |
Jeremy Stanley |
keystone: assignee |
Jeremy Stanley (fungi) |
Steven Hardy (shardy) |
|
2013-12-11 13:59:22 |
Thierry Carrez |
nominated for series |
|
keystone/havana |
|
2013-12-11 13:59:22 |
Thierry Carrez |
bug task added |
|
keystone/havana |
|
2013-12-11 14:00:30 |
OpenStack Infra |
keystone/havana: status |
New |
In Progress |
|
2013-12-11 14:00:30 |
OpenStack Infra |
keystone/havana: assignee |
|
Jeremy Stanley (fungi) |
|
2013-12-11 14:01:09 |
Jeremy Stanley |
keystone/havana: assignee |
Jeremy Stanley (fungi) |
Steven Hardy (shardy) |
|
2013-12-11 15:04:21 |
Alan Pevec |
keystone/havana: importance |
Undecided |
Critical |
|
2013-12-11 15:05:12 |
Alan Pevec |
keystone/havana: milestone |
|
2013.2.1 |
|
2013-12-11 15:56:47 |
Jeremy Stanley |
summary |
ec2tokens API doesn't handle trust-scoped tokens correctly (CVE-2013-6391) |
[OSSA 2013-032] Keystone trust circumvention through EC2-style tokens (CVE-2013-6391) |
|
2013-12-13 07:45:56 |
OpenStack Infra |
keystone: status |
In Progress |
Fix Committed |
|
2013-12-14 01:02:47 |
OpenStack Infra |
keystone/havana: status |
In Progress |
Fix Committed |
|
2013-12-14 18:36:16 |
Jeremy Stanley |
ossa: status |
Fix Committed |
Fix Released |
|
2013-12-16 22:45:32 |
Alan Pevec |
keystone/havana: status |
Fix Committed |
Fix Released |
|
2013-12-17 20:34:10 |
Jamie Strandboge |
cve linked |
|
2013-4477 |
|
2013-12-18 19:41:10 |
Adam Gandelman |
bug |
|
|
added subscriber Adam Gandelman |
2014-01-22 15:42:23 |
Thierry Carrez |
keystone: status |
Fix Committed |
Fix Released |
|
2014-01-22 15:42:23 |
Thierry Carrez |
keystone: milestone |
|
icehouse-2 |
|
2014-01-25 09:33:51 |
OpenStack Infra |
tags |
|
in-stable-grizzly |
|
2014-03-20 20:02:30 |
Alan Pevec |
tags |
in-stable-grizzly |
|
|
2014-03-20 20:05:15 |
Alan Pevec |
nominated for series |
|
keystone/grizzly |
|
2014-03-20 20:05:16 |
Alan Pevec |
bug task added |
|
keystone/grizzly |
|
2014-03-20 20:05:50 |
Alan Pevec |
keystone/grizzly: status |
New |
Fix Committed |
|
2014-03-20 20:05:50 |
Alan Pevec |
keystone/grizzly: milestone |
|
2013.1.5 |
|
2014-03-20 20:07:28 |
Alan Pevec |
keystone/grizzly: importance |
Undecided |
Critical |
|
2014-03-20 20:07:35 |
Alan Pevec |
keystone/grizzly: assignee |
|
Dolph Mathews (dolph) |
|
2014-03-20 22:12:17 |
Alan Pevec |
keystone/grizzly: status |
Fix Committed |
Fix Released |
|
2014-04-17 07:58:15 |
Thierry Carrez |
keystone: milestone |
icehouse-2 |
2014.1 |
|