File: bug-1490804-87c0ff8e764945c1.yaml

package info (click to toggle)
python-keystonemiddleware 10.9.0-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 1,288 kB
  • sloc: python: 10,017; makefile: 93; sh: 2
file content (15 lines) | stat: -rw-r--r-- 677 bytes parent folder | download | duplicates (6) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
 
---
features:
  - >
    [`bug 1490804 <https://bugs.launchpad.net/keystone/+bug/1490804>`_]
    The auth_token middleware validates the token's audit IDs during offline
    token validation if the Identity server includes audit IDs in the token
    revocation list.
security:
  - >
    [`bug 1490804 <https://bugs.launchpad.net/keystone/+bug/1490804>`_]
    [`CVE-2015-7546 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7546>`_]
    A bug is fixed where an attacker could avoid token revocation when the PKI
    or PKIZ token provider is used. The complete remediation for this
    vulnerability requires the corresponding fix in the Identity (keystone)
    project.