[Openstack-devel] Bug#713819: Bug#713819: Bug#713819: python-keystoneclient: CVE-2013-2166 CVE-2013-2167: Issues in Keystone middleware memcache signing/encryption feature

Thomas Goirand zigo at debian.org
Sun Jun 23 12:46:10 UTC 2013


On 06/23/2013 01:01 PM, Prach Pongpanich wrote:
> On Sun, Jun 23, 2013 at 3:52 AM, Salvatore Bonaccorso <carnil at debian.org> wrote:
>> Package: python-keystoneclient
>> Severity: grave
>> Tags: security upstream patch
>>
>> Hi,
>>
>> the following vulnerabilities were published for python-keystoneclient.
>>
>> CVE-2013-2166[0]:
>> middleware memcache encryption bypass
>>
>> CVE-2013-2167[1]:
>> middleware memcache signing bypass
>>
>> See [2] for further reference.
>>
>> If you fix the vulnerabilities please also make sure to include the
>> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>>
> 
> Hi,
> 
> I've committed to fix this bug [1].
> 
> [1] http://anonscm.debian.org/gitweb/?p=openstack/python-keystoneclient.git
> 
> Regards,
>  Prach

Thanks. Uploaded.

Though I've noticed that some of the unit tests are failing after
applying the patch (3 failures). I don't know if that is expected or
not... though for what I'm doing, the client worked (keystone
service-list, keystone tenant-list, etc. worked)

Thomas


