[Secure-testing-team] Bug#713819: python-keystoneclient: CVE-2013-2166 CVE-2013-2167: Issues in Keystone middleware memcache signing/encryption feature
Salvatore Bonaccorso
carnil at debian.org
Sat Jun 22 20:52:26 UTC 2013
Package: python-keystoneclient
Severity: grave
Tags: security upstream patch
Hi,
the following vulnerabilities were published for python-keystoneclient.
CVE-2013-2166[0]:
middleware memcache encryption bypass
CVE-2013-2167[1]:
middleware memcache signing bypass
See [2] for further reference.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2166
    http://security-tracker.debian.org/tracker/CVE-2013-2166
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2167
    http://security-tracker.debian.org/tracker/CVE-2013-2167
[2] http://marc.info/?l=oss-security&m=137165644225629&w=2

According to the advisory it should affect only upstream 0.2.3 to 0.2.5.
Could you please double-check this and adjust the found version for the BTS?
Regards,
Salvatore