| Summary: | sys-auth/keystone: Missing expiration check in Keystone PKI token validation (CVE-2013-2104) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | | |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=965852 | | |
| Whiteboard: | ~4 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2013-05-29 12:33:41 UTC
I already fixed sys-auth/keystone (check the changelog). As far as python-keystoneclient goes, they haven't released a patch against 0.2.3. If anyone can generate a patchset for it I'm all ears :D.

Fully fixed in both sys-auth/keystone-2012.2.4-r4 and dev-python/keystoneclient-0.2.4.

It's been fixed, no vulnerable ebuilds in tree. Closing noglsa.