[Secure-testing-team] Bug#751454: keystone: CVE-2014-3476: privilege escalation through trust chained delegation
Salvatore Bonaccorso
carnil at debian.org
Fri Jun 13 04:44:44 UTC 2014
Source: keystone
Severity: grave
Tags: security upstream patch
Justification: user security hole
Hi Thomas,
As you might know, the following vulnerability was published for
keystone.
CVE-2014-3476[0]:
privilege escalation through trust chained delegation
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-3476
[1 ]http://lists.openstack.org/pipermail/openstack-announce/2014-June/000240.html
Please adjust the affected versions in the BTS as needed. From the
advisory at least all version up to 2013.2.3, and 2014.1 to 2014.1.1
are affected.
Regards and thanks for your work,
Salvatore
More information about the Secure-testing-team
mailing list