Red Hat Bugzilla – Bug 971746
CVE-2013-2013 OpenStack keystone: password disclosure on command line [RDO]
Last modified: 2016-04-18 03:13:08 EDT
(Kurt, I hope you're ok with this manual CVE clone, I've edited description to fit RDO i.e. no Bodhi etc.)
+++ This bug was initially created as a clone of Bug #957035 +++
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
Please also mention the CVE IDs being fixed in the RPM changelog.
RDO tracking bug for openstack-keystone: see blocks bug list for full details of the security issue(s).
[bug MANUALLY created by: apevec]
(In reply to Alan Pevec from comment #0)
> (Kurt, I hope you're ok with this manual CVE clone, I've edited description
> to fit RDO i.e. no Bodhi etc.)
Thank you, Alan. Should be fine. Noticed python-keystoneclient in Fedora (17, 18, Rawhide would be affected based on https://review.openstack.org/#/c/28702/6/keystoneclient/v2_0/shell.py,unified change).
Looks bug #957034 will be used for Fedora updates (despite originally reported against openstack-keystone). Created Rawhide one yet:
Updated packages with fix were pushed to RDO repos.
This should probably be closed because errata was released.