[Openstack-devel] Bug#713819: Bug#713819: python-keystoneclient: CVE-2013-2166 CVE-2013-2167: Issues in Keystone middleware memcache signing/encryption feature
Prach Pongpanich
prachpub at gmail.com
Sun Jun 23 05:01:22 UTC 2013
On Sun, Jun 23, 2013 at 3:52 AM, Salvatore Bonaccorso <carnil at debian.org> wrote:
> Package: python-keystoneclient
> Severity: grave
> Tags: security upstream patch
>
> Hi,
>
> the following vulnerabilities were published for python-keystoneclient.
>
> CVE-2013-2166[0]:
> middleware memcache encryption bypass
>
> CVE-2013-2167[1]:
> middleware memcache signing bypass
>
> See [2] for further reference.
>
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>
Hi,
I've committed to fix this bug [1].
[1] http://anonscm.debian.org/gitweb/?p=openstack/python-keystoneclient.git
Regrads,
Prach
More information about the Openstack-devel
mailing list