Bug 971746 - CVE-2013-2013 OpenStack keystone: password disclosure on command line [RDO]
CVE-2013-2013 OpenStack keystone: password disclosure on command line [RDO]
Status: CLOSED CURRENTRELEASE
Product: RDO
Classification: Community
Component: python-keystoneclient (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Jakub Ruzicka
yeylon@redhat.com
: Security, SecurityTracking
Depends On:
Blocks: CVE-2013-2013
  Show dependency treegraph
 
Reported: 2013-06-07 04:25 EDT by Alan Pevec
Modified: 2016-04-18 03:13 EDT (History)
6 users (show)

See Also:
Fixed In Version: python-keystoneclient-0.2.3-6.fc19
Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of: 957035
Environment:
Last Closed: 2016-03-30 19:08:54 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Alan Pevec 2013-06-07 04:25:05 EDT
(Kurt, I hope you're ok with this manual CVE clone, I've edited description to fit RDO i.e. no Bodhi etc.)

+++ This bug was initially created as a clone of Bug #957035 +++

This is an automatically created tracking bug!  It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of RDO.

For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.

Please also mention the CVE IDs being fixed in the RPM changelog.

RDO tracking bug for openstack-keystone: see blocks bug list for full details of the security issue(s).

[bug MANUALLY created by: apevec]
Comment 1 Jan Lieskovsky 2013-06-07 07:43:15 EDT
(In reply to Alan Pevec from comment #0)
> (Kurt, I hope you're ok with this manual CVE clone, I've edited description
> to fit RDO i.e. no Bodhi etc.)
> 

Thank you, Alan. Should be fine. Noticed python-keystoneclient in Fedora (17, 18, Rawhide would be affected based on https://review.openstack.org/#/c/28702/6/keystoneclient/v2_0/shell.py,unified change).

Looks bug #957034 will be used for Fedora updates (despite originally reported against openstack-keystone). Created Rawhide one yet:
  https://bugzilla.redhat.com/show_bug.cgi?id=957033#c6
Comment 2 Jakub Ruzicka 2013-07-29 11:07:58 EDT
Updated packages with fix were pushed to RDO repos.
Comment 3 Dmitri Pal 2013-08-27 16:20:21 EDT
This should probably be closed because errata was released.

Note You need to log in before you can comment on or make changes to this bug.