File _patchinfo of Package patchinfo
<patchinfo>
<issue id="821201" tracker="bnc">VUL-1: CVE-2013-2104: openstack-keystone: Missing expiration check in Keystone PKI token validation</issue>
<issue id="823783" tracker="bnc">VUL-0: openstack-keystone: CVE-2013-2157: vulnerable Keystone LDAP backend authentication</issue>
<issue id="CVE-2013-2157" tracker="cve" />
<issue id="CVE-2013-2104" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>vuntz</packager>
<description>This update of openstack-keystone fixes two security vulnerabilities.
- Add CVE-2013-2104.patch: fix missing expiration check in Keystone
PKI token validation (CVE-2013-2104, bnc#821201)
- Add CVE-2013-2157.patch: fix authentication bypass when using
LDAP backend (CVE-2013-2157, bnc#823783)
</description>
<summary>update for openstack-keystone</summary>
</patchinfo>