Overview Details

File _patchinfo of Package patchinfo

<patchinfo>
  <issue id="821201" tracker="bnc">VUL-1: CVE-2013-2104: openstack-keystone: Missing expiration check in Keystone PKI token validation</issue>
  <issue id="823783" tracker="bnc">VUL-0: openstack-keystone: CVE-2013-2157: vulnerable Keystone LDAP backend authentication</issue>
  <issue id="CVE-2013-2157" tracker="cve" />
  <issue id="CVE-2013-2104" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>vuntz</packager>
  <description>This update of openstack-keystone fixes two security vulnerabilities.
- Add CVE-2013-2104.patch: fix missing expiration check in Keystone
  PKI token validation (CVE-2013-2104, bnc#821201)
- Add CVE-2013-2157.patch: fix authentication bypass when using
  LDAP backend (CVE-2013-2157, bnc#823783)
</description>
  <summary>update for openstack-keystone</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places