[Secure-testing-team] Bug#719290: keystone: CVE-2013-4222: Keystone disabling a tenant does not disable a user token
Salvatore Bonaccorso
carnil at debian.org
Sat Aug 10 08:21:12 UTC 2013
Package: keystone
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for keystone.
CVE-2013-4222[0]:
Keystone disabling a tenant does not disable a user token
See [1] and [2] for further reference.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://security-tracker.debian.org/tracker/CVE-2013-4222
[1] https://bugs.launchpad.net/ossn/+bug/1179955
[2] http://lists.openstack.org/pipermail/openstack-security/2013-August/000263.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list