Bug 910221
Summary: | CVE-2013-1664 CVE-2013-1665 OpenStack keystone: XML entity parsing | |
---|---|---|---
Product: | [Other] Security Response | Reporter: | Kurt Seifried <kseifried>
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED DUPLICATE | |
Severity: | medium | |
Priority: | medium | |
Version: | unspecified | CC: | apevec, ayoung, cpelland, markmc, psedlak, rbryant, security-response-team
Keywords: | Security | Doc Type: | Bug Fix
Hardware: | All | OS: | Linux
Last Closed: | 2013-03-04 19:17:51 UTC | |
Bug Depends On: | 910226, 910227 | |
Bug Blocks: | 910225, 912982, 913808 | |

Description
Kurt Seifried
2013-02-12 03:52:26 UTC
Created attachment 696350: keystone-essex-CVE-2013-0278.patch
Created attachment 696351: keystone-folsom-CVE-2013-0278.patch
Created attachment 696352: keystone-grizzly-CVE-2013-0278.patch

Published today
http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html
but note upstream went with different CVEs: CVE-2013-1664, CVE-2013-1665

Which CVE# do you want me to use in RPM changelog?

As per http://seclists.org/oss-sec/2013/q1/340 please REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280 and use CVE-2013-1664, CVE-2013-1665 for OpenStack.

(In reply to comment #6)
> Published today
> http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html
> but note upstream went with different CVEs: CVE-2013-1664, CVE-2013-1665
>
> Which CVE# do you want me to use in RPM changelog?

Mitre is actually formulating new CVE assigning policy for messes like this, once that is done I will be assigning CVEs and this will be sorted.

Acknowledgements: Red Hat would like to thank the OpenStack project for reporting these issues. Upstream acknowledges Jonathan Murray (NCC Group), Joshua Harlow (Yahoo!), and Stuart Stent as the original, independent reporters of these issues.

*** This bug has been marked as a duplicate of bug 913808 ***

openstack-keystone-2012.2.3-3.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.

openstack-keystone-2012.2.3-4.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.