Package: keystone Version: 2013.2-4 Severity: grave Tags: security upstream patch
Hi Thomas, the following vulnerability was published for keystone. CVE-2013-6391[0]: Keystone trust circumvention through EC2-style tokens Upstream bugreport is at [1]. keystone in wheezy does not seem to be affected, at least I have not found the vulnerable code (and upstream also says it affects only (grizzly), havana and later). If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6391 http://security-tracker.debian.org/tracker/CVE-2013-6391 [1] https://launchpad.net/bugs/1242597 [2] https://bugzilla.redhat.com/show_bug.cgi?id=1039164 Regards, and thanks for your work. Salvatore -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
