[Openstack-devel] Bug#722505: keystone: CVE-2013-4294: Token revocation failure using Keystone memcache/KVS backends

Thomas Goirand zigo at debian.org
Thu Sep 12 06:35:18 UTC 2013


On 09/12/2013 04:40 AM, Salvatore Bonaccorso wrote:
> Package: keystone
> Version: 2013.1.3-1
> Severity: important
> Tags: security patch upstream
> 
> Hi,
> 
> the following vulnerability was published for keystone.
> 
> CVE-2013-4294[0]:
> Token revocation failure using Keystone memcache/KVS backends
> 
> See furthermore [1] for the upstream announcement.
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4294
>     http://security-tracker.debian.org/tracker/CVE-2013-4294
> [1] http://lists.openstack.org/pipermail/openstack-announce/2013-September/000142.html
> 
> Regards,
> Salvatore

Hi Salvatore.

Please note that this only affects Keystone in Sid/Jessie, since it
deals with PKI tokens, which is a feature added after the version in
Wheezy. Please update the tracker accordingly.

I have the patch, and I will update the package soon.

Thomas


