OpenStack Security Advisory

Bug #1242597
Activity log

Activity log for bug #1242597

Date	Who	What changed	Old value	New value	Message
2013-10-21 09:46:29	Steven Hardy	bug			added bug
2013-10-21 09:51:02	Steven Hardy	attachment added		Reproducer script https://bugs.launchpad.net/keystone/+bug/1242597/+attachment/3885983/+files/trust_ec2_test.py
2013-10-21 13:33:36	Thierry Carrez	bug task added		ossa
2013-10-21 13:34:45	Thierry Carrez	keystone: importance	Undecided	Critical
2013-10-21 13:34:45	Thierry Carrez	keystone: status	New	Confirmed
2013-10-21 13:34:57	Thierry Carrez	ossa: importance	Undecided	High
2013-10-21 13:34:57	Thierry Carrez	ossa: status	New	Confirmed
2013-10-21 16:10:11	Steven Hardy	keystone: assignee		Steven Hardy (shardy)
2013-10-21 19:06:56	Steven Hardy	attachment added		Proposed fix https://bugs.launchpad.net/keystone/+bug/1242597/+attachment/3886582/+files/0001-Fix-issues-handling-trust-tokens-via-ec2tokens-API.patch
2013-10-22 18:20:21	Steven Hardy	attachment added		Proposed fix, second draft https://bugs.launchpad.net/keystone/+bug/1242597/+attachment/3887645/+files/0001-Fix-issues-handling-trust-tokens-via-ec2tokens-API.patch
2013-10-22 20:06:33	Adam Young	bug			added subscriber Jeremy Agee
2013-10-22 20:06:50	Adam Young	bug			added subscriber Jamie Lennox
2013-10-24 14:40:55	Thierry Carrez	bug			added subscriber Dolph Mathews
2013-10-24 14:41:05	Thierry Carrez	bug			added subscriber Adam Young
2013-10-28 13:25:05	Dolph Mathews	bug			added subscriber Matthieu Huin
2013-11-14 10:43:19	Thierry Carrez	ossa: assignee		Thierry Carrez (ttx)
2013-11-14 15:04:54	Thierry Carrez	ossa: status	Confirmed	Triaged
2013-11-19 21:46:19	Morgan Fainberg	attachment added		0001-Fix-issues-handling-trust-tokens-via-ec2tokens-API-MASTER.patch https://bugs.launchpad.net/keystone/+bug/1242597/+attachment/3912878/+files/0001-Fix-issues-handling-trust-tokens-via-ec2tokens-API-MASTER.patch
2013-11-21 21:18:36	Morgan Fainberg	attachment added		0001-Fix-issues-handling-trust-tokens-via-ec2tokens-API-grizzly.patch https://bugs.launchpad.net/keystone/+bug/1242597/+attachment/3914454/+files/0001-Fix-issues-handling-trust-tokens-via-ec2tokens-API-grizzly.patch
2013-11-25 16:02:54	Thierry Carrez	ossa: status	Triaged	In Progress
2013-11-26 10:19:11	Thierry Carrez	cve linked		2013-6391
2013-11-26 10:19:20	Thierry Carrez	summary	ec2tokens API doesn't handle trust-scoped tokens correctly	ec2tokens API doesn't handle trust-scoped tokens correctly (CVE-2013-6391)
2013-11-29 07:59:02	Thierry Carrez	bug			added subscriber Alan Pevec
2013-12-03 21:11:39	Steven Hardy	bug			added subscriber Steve Baker
2013-12-06 15:47:32	Thierry Carrez	ossa: assignee	Thierry Carrez (ttx)	Jeremy Stanley (fungi)
2013-12-06 16:44:09	Jeremy Stanley	ossa: status	In Progress	Fix Committed
2013-12-06 16:44:16	Jeremy Stanley	bug			added subscriber Canonical Security Team
2013-12-11 13:36:43	Jeremy Stanley	information type	Private Security	Public Security
2013-12-11 13:38:22	OpenStack Infra	keystone: status	Confirmed	In Progress
2013-12-11 13:38:22	OpenStack Infra	keystone: assignee	Steven Hardy (shardy)	Jeremy Stanley (fungi)
2013-12-11 13:57:57	Jeremy Stanley	keystone: assignee	Jeremy Stanley (fungi)	Steven Hardy (shardy)
2013-12-11 13:59:22	Thierry Carrez	nominated for series		keystone/havana
2013-12-11 13:59:22	Thierry Carrez	bug task added		keystone/havana
2013-12-11 14:00:30	OpenStack Infra	keystone/havana: status	New	In Progress
2013-12-11 14:00:30	OpenStack Infra	keystone/havana: assignee		Jeremy Stanley (fungi)
2013-12-11 14:01:09	Jeremy Stanley	keystone/havana: assignee	Jeremy Stanley (fungi)	Steven Hardy (shardy)
2013-12-11 15:04:21	Alan Pevec	keystone/havana: importance	Undecided	Critical
2013-12-11 15:05:12	Alan Pevec	keystone/havana: milestone		2013.2.1
2013-12-11 15:56:47	Jeremy Stanley	summary	ec2tokens API doesn't handle trust-scoped tokens correctly (CVE-2013-6391)	[OSSA 2013-032] Keystone trust circumvention through EC2-style tokens (CVE-2013-6391)
2013-12-13 07:45:56	OpenStack Infra	keystone: status	In Progress	Fix Committed
2013-12-14 01:02:47	OpenStack Infra	keystone/havana: status	In Progress	Fix Committed
2013-12-14 18:36:16	Jeremy Stanley	ossa: status	Fix Committed	Fix Released
2013-12-16 22:45:32	Alan Pevec	keystone/havana: status	Fix Committed	Fix Released
2013-12-17 20:34:10	Jamie Strandboge	cve linked		2013-4477
2013-12-18 19:41:10	Adam Gandelman	bug			added subscriber Adam Gandelman
2014-01-22 15:42:23	Thierry Carrez	keystone: status	Fix Committed	Fix Released
2014-01-22 15:42:23	Thierry Carrez	keystone: milestone		icehouse-2
2014-01-25 09:33:51	OpenStack Infra	tags		in-stable-grizzly
2014-03-20 20:02:30	Alan Pevec	tags	in-stable-grizzly
2014-03-20 20:05:15	Alan Pevec	nominated for series		keystone/grizzly
2014-03-20 20:05:16	Alan Pevec	bug task added		keystone/grizzly
2014-03-20 20:05:50	Alan Pevec	keystone/grizzly: status	New	Fix Committed
2014-03-20 20:05:50	Alan Pevec	keystone/grizzly: milestone		2013.1.5
2014-03-20 20:07:28	Alan Pevec	keystone/grizzly: importance	Undecided	Critical
2014-03-20 20:07:35	Alan Pevec	keystone/grizzly: assignee		Dolph Mathews (dolph)
2014-03-20 22:12:17	Alan Pevec	keystone/grizzly: status	Fix Committed	Fix Released
2014-04-17 07:58:15	Thierry Carrez	keystone: milestone	icehouse-2	2014.1