Your message dated Wed, 12 Sep 2012 16:47:41 +0000
with message-id <e1tbq6h-0005xd...@franck.debian.org>
and subject line Bug#687428: fixed in keystone 2012.1.1-6
has caused the Debian Bug report #687428,
regarding CVE-2012-4413: Revoking a role does not affect existing tokens
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
687428: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687428
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: keystone
Version: 2012.1.1-5
Severity: grave

Title: Revoking a role does not affect existing tokens
Impact: High
Reporter: Dolph Mathews (Rackspace)
Products: Keystone
Affects: Essex, Folsom

Description:
Dolph Mathews reported a vulnerability in Keystone. Granting and
revoking roles from a user is not reflected upon token validation for
pre-existing tokens. Pre-existing tokens continue to be valid for the
original set of roles for the remainder of the token's lifespan, or
until explicitly invalidated. This fix invalidates all tokens held by
a user upon role grant/revoke to circumvent the issue.

--- End Message ---
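
The behaviour described in the report above, as an added example that is not Keystone's code and not part of the original messages: a toy token store in which each token snapshots the user's roles at issue time, with the advisory's fix (invalidate all of a user's tokens on role grant/revoke) as a switch. The class `TokenStore`, the flag `invalidate_on_role_change` and the user and role names are hypothetical.

```python
import secrets
import time


class TokenStore:
    """Toy identity service: each token snapshots the user's roles at issue time."""

    def __init__(self, invalidate_on_role_change, ttl=3600):
        self.invalidate_on_role_change = invalidate_on_role_change
        self.ttl = ttl
        self.roles = {}    # user -> set of role names
        self.tokens = {}   # token id -> (user, frozen roles, expiry)

    def grant(self, user, role):
        self.roles.setdefault(user, set()).add(role)
        self._role_changed(user)

    def revoke(self, user, role):
        self.roles.get(user, set()).discard(role)
        self._role_changed(user)

    def _role_changed(self, user):
        # The fix described in the advisory: drop every token the user holds.
        if self.invalidate_on_role_change:
            self.tokens = {t: v for t, v in self.tokens.items() if v[0] != user}

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_hex(16)
        self.tokens[token] = (user, frozenset(self.roles.get(user, ())), now + self.ttl)
        return token

    def validate(self, token, now=None):
        """Return the roles the token carries, or None if unknown or expired."""
        now = time.time() if now is None else now
        entry = self.tokens.get(token)
        if entry is None or entry[2] <= now:
            return None
        return entry[1]


def roles_after_revoke(invalidate_on_role_change):
    store = TokenStore(invalidate_on_role_change)
    store.grant("alice", "admin")       # constructed user and role names
    token = store.issue("alice")        # token issued while the role is held
    store.revoke("alice", "admin")
    return store.validate(token)        # what a service would see afterwards
```

With the switch off, the pre-existing token still validates with the revoked role until it expires; with it on, the token is rejected and the user must re-authenticate to get a token reflecting the current roles.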
--- Begin Message ---
Source: keystone
Source-Version: 2012.1.1-6

We believe that the bug you reported is fixed in the latest version of
keystone, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 687...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated keystone package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


Format: 1.8
Date: Sun, 09 Sep 2012 02:21:11 +0000
Source: keystone
Binary: python-keystone keystone keystone-doc
Architecture: source all
Version: 2012.1.1-6
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <openstack-de...@lists.alioth.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description: 
 keystone   - OpenStack identity service
 keystone-doc - OpenStack identity service - documentation
 python-keystone - OpenStack identity service - library
Closes: 687428
Changes: 
 keystone (2012.1.1-6) unstable; urgency=high
 .
   * CVE-2012-4413: Revoking a role does not affect existing tokens
   (Closes: #687428).

--- End Message ---
