Date | Who | What changed | Old value | New value | Message
2012-09-12 20:03:38 | Russell Bryant | bug | | | added bug
2012-09-12 20:03:44 | Russell Bryant | security vulnerability | no | yes |
2012-09-12 20:03:57 | Russell Bryant | bug | | | added subscriber OpenStack Vulnerability Management team
2012-09-12 20:04:07 | Russell Bryant | bug | | | added subscriber Soren Hansen
2012-09-12 20:06:22 | Russell Bryant | keystone: milestone | | folsom-rc1 |
2012-09-13 07:00:19 | Thierry Carrez | keystone: importance | Undecided | High |
2012-09-13 07:00:19 | Thierry Carrez | keystone: status | New | Incomplete |
2012-09-13 14:44:53 | Dolph Mathews | keystone: status | Incomplete | Confirmed |
2012-09-13 15:46:17 | Joseph Heck | keystone: importance | High | Medium |
2012-09-13 15:46:20 | Joseph Heck | keystone: milestone | folsom-rc1 | |
2012-09-13 15:47:34 | Dolph Mathews | keystone: assignee | | Dolph Mathews (dolph) |
2012-09-13 15:47:57 | Thierry Carrez | summary | Potential problem with fix for "Revoking a role does not affect existing tokens (CVE-2012-4413)" | Token invalidation in case of role grant/revoke should be limited to affected tenant |
2012-09-13 15:48:04 | Thierry Carrez | security vulnerability | yes | no |
2012-09-13 15:48:06 | Thierry Carrez | removed subscriber OpenStack Vulnerability Management team | | |
2012-09-13 15:48:55 | Thierry Carrez | description | We just released this security advisory: https://lists.launchpad.net/openstack/msg16659.html Soren Hansen brought up a potential problem here: https://lists.launchpad.net/openstack/msg16662.html I'm filing it as a bug to ensure it gets reviewed and addressed. | We just released this security advisory: https://lists.launchpad.net/openstack/msg16659.html Soren Hansen brought up a potential problem here: https://lists.launchpad.net/openstack/msg16662.html Although this can't be used as an attack vector (see comments below), token invalidation should really be limited to affected tenant. |
2012-09-13 15:51:12 | Joseph Heck | keystone: milestone | | folsom-rc1 |
2012-09-13 16:20:58 | OpenStack Infra | keystone: status | Confirmed | In Progress |
2012-09-13 21:20:09 | OpenStack Infra | keystone: status | In Progress | Fix Committed |
2012-09-13 21:50:12 | Alan Pevec | nominated for series | | keystone/essex |
2012-09-13 21:54:32 | Joseph Heck | bug task added | | keystone/essex |
2012-09-13 21:54:40 | Joseph Heck | keystone/essex: status | New | Fix Committed |
2012-09-13 21:54:45 | Joseph Heck | keystone/essex: importance | Undecided | Medium |
2012-09-13 21:56:20 | Alan Pevec | keystone/essex: assignee | | Alan Pevec (apevec) |
2012-09-13 21:56:48 | Alan Pevec | keystone/essex: status | Fix Committed | In Progress |
2012-09-13 22:04:44 | Joseph Heck | tags | | essexbackport |
2012-09-13 22:05:19 | Joseph Heck | tags | essexbackport | essex-backport |
2012-09-14 08:38:12 | OpenStack Infra | keystone/essex: status | In Progress | Fix Committed |
2012-09-14 14:37:12 | Thierry Carrez | keystone: status | Fix Committed | Fix Released |
2012-09-27 15:05:33 | Thierry Carrez | keystone: milestone | folsom-rc1 | 2012.2 |
2012-10-09 20:07:09 | Mark McLoughlin | keystone/essex: milestone | | 2012.1.3 |
2012-10-11 19:40:44 | Mark McLoughlin | keystone/essex: status | Fix Committed | Fix Released |
2012-12-11 09:38:42 | Yolanda Robla | keystone (Ubuntu): status | New | Fix Released |
2012-12-11 09:57:45 | Yolanda Robla | nominated for series | | Ubuntu Precise |
2012-12-11 13:50:45 | Launchpad Janitor | branch linked | | lp:~openstack-ubuntu-testing/keystone/precise-essex-proposed |
2012-12-12 19:20:25 | Adam Gandelman | bug task added | | keystone (Ubuntu Precise) |
2012-12-12 19:20:34 | Adam Gandelman | keystone (Ubuntu Precise): status | New | Confirmed |
2012-12-18 11:27:43 | Launchpad Janitor | branch linked | | lp:~yolanda.robla/ubuntu/precise/keystone/essex-sru |
2013-05-09 23:25:06 | Brian Murray | keystone (Ubuntu Precise): status | Confirmed | Fix Committed |
2013-05-09 23:25:09 | Brian Murray | bug | | | added subscriber Ubuntu Stable Release Updates Team
2013-05-09 23:25:12 | Brian Murray | bug | | | added subscriber SRU Verification
2013-05-09 23:25:19 | Brian Murray | tags | essex-backport | essex-backport verification-needed |
2013-05-09 23:47:29 | Launchpad Janitor | branch linked | | lp:ubuntu/precise-proposed/keystone |
2013-05-16 07:44:18 | Yolanda Robla | attachment added | | 2012.1.3+stable-20130423-f48dd0fc-0ubuntu1.log https://bugs.launchpad.net/bugs/1050025/+attachment/3678052/+files/2012.1.3%2Bstable-20130423-f48dd0fc-0ubuntu1.log |
2013-05-16 07:45:42 | Yolanda Robla | tags | essex-backport verification-needed | essex-backport verification-done |
2013-05-16 17:27:16 | Scott Kitterman | removed subscriber Ubuntu Stable Release Updates Team | | |
2013-05-16 17:28:30 | Launchpad Janitor | keystone (Ubuntu Precise): status | Fix Committed | Fix Released |
2013-05-16 17:28:30 | Launchpad Janitor | cve linked | | 2012-3542 |
2013-05-16 17:28:30 | Launchpad Janitor | cve linked | | 2012-4413 |
2013-05-16 17:28:30 | Launchpad Janitor | cve linked | | 2012-5571 |
2013-05-16 17:28:30 | Launchpad Janitor | cve linked | | 2013-0247 |
2013-05-16 17:28:30 | Launchpad Janitor | cve linked | | 2013-0282 |
2013-05-16 17:28:30 | Launchpad Janitor | cve linked | | 2013-1664 |