Bug 971746

Summary: CVE-2013-2013 OpenStack keystone: password disclosure on command line [RDO]
Product: [Community] RDO
Reporter: Alan Pevec <apevec>
Component: python-keystoneclient
Assignee: Jakub Ruzicka <jruzicka>
Status: CLOSED CURRENTRELEASE
QA Contact: yeylon <yeylon>
Severity: low
Priority: low
Version: unspecified
CC: ayoung, bsettle, dpal, jlieskov, kseifried, srevivo
Target Milestone: ---
Keywords: Security, SecurityTracking
Target Release: ---
Hardware: All
OS: Linux
Fixed In Version: python-keystoneclient-0.2.3-6.fc19
Doc Type: Release Note
Story Points: ---
Clone Of: 957035
Last Closed: 2016-03-30 23:08:54 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Bug Blocks: 957033

Description Alan Pevec 2013-06-07 08:25:05 UTC
(Kurt, I hope you're ok with this manual CVE clone, I've edited description to fit RDO i.e. no Bodhi etc.)

+++ This bug was initially created as a clone of Bug #957035 +++

This is an automatically created tracking bug!  It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of RDO.

For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.

Please also mention the CVE IDs being fixed in the RPM changelog.

RDO tracking bug for openstack-keystone: see blocks bug list for full details of the security issue(s).

[bug MANUALLY created by: apevec]

Comment 1 Jan Lieskovsky 2013-06-07 11:43:15 UTC
(In reply to Alan Pevec from comment #0)
> (Kurt, I hope you're ok with this manual CVE clone, I've edited description
> to fit RDO i.e. no Bodhi etc.)
> 

Thank you, Alan. Should be fine. Noticed python-keystoneclient in Fedora (17, 18, Rawhide would be affected based on https://review.openstack.org/#/c/28702/6/keystoneclient/v2_0/shell.py,unified change).

Looks like bug #957034 will be used for Fedora updates (despite originally reported against openstack-keystone). Created Rawhide one yet:
  https://bugzilla.redhat.com/show_bug.cgi?id=957033#c6

Comment 2 Jakub Ruzicka 2013-07-29 15:07:58 UTC
Updated packages with fix were pushed to RDO repos.

Comment 3 Dmitri Pal 2013-08-27 20:20:21 UTC
This should probably be closed because errata was released.