Package "barbican-common"

Name:	barbican-common
Description:	OpenStack Key Management Service - common files
Latest version:	1:6.0.1-0ubuntu1.2
Release:	bionic (18.04)
Level:	updates
Repository:	main
Head package:	barbican
Homepage:	https://github.com/openstack/barbican

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "barbican-common"

All arch deb package

APT INSTALL

Other versions of "barbican-common" in Bionic

Repository	Area	Version
base	main	1:6.0.0-0ubuntu1
security	main	1:6.0.1-0ubuntu1.2

Changelog

Version: 1:6.0.1-0ubuntu1.2 2022-10-25 14:07:13 UTC

barbican (1:6.0.1-0ubuntu1.2) bionic-security; urgency=medium * SECURITY UPDATE: access policy bypass via query string injection - debian/patches/CVE-2022-3100.patch: don't use contents of query string in barbican/api/controllers/__init__.py. - CVE-2022-3100 -- Marc Deslauriers <email address hidden> Wed, 05 Oct 2022 09:35:33 -0400

Source diff to previous version

CVE-2022-3100

access policy bypass via query string injection

Version: 1:6.0.1-0ubuntu1.1 2022-04-25 16:06:21 UTC

Version: 1:6.0.1-0ubuntu1.1	2022-04-25 16:06:21 UTC
barbican (1:6.0.1-0ubuntu1.1) bionic-security; urgency=medium * SECURITY UPDATE: Access restrictions bypass - debian/patches/CVE-2022-23451.patch: Change access policies to secret metadata in barbican/common/policies/secretmeta.py. Add a new role in barbican/common/policies/base.py and make use of these changes in barbican/api/controllers/__init__.py, barbican/api/controllers/secretmeta.py and barbican/api/controllers/secrets.py. - debian/patches/CVE-2022-23451-post.patch: Change secret policies in barbican/common/policies/secrets.py, add tests in barbican/tests/api/test_resources_policy.py and functionaltests/api/v1/functional/test_secrets_rbac.py and update api guide in api-guide/source/acls.rst. - CVE-2022-23451 * SECURITY UPDATE: Ownership bypass - debian/patches/CVE-2022-23452.patch: Update container secret policies in barbican/common/policies/containers.py and add a new role in barbican/common/policies/base.py. - CVE-2022-23452 -- Rodrigo Figueiredo Zaiden <email address hidden> Thu, 21 Apr 2022 10:52:20 -0300
Source diff to previous version

barbican (1:6.0.1-0ubuntu1.1) bionic-security; urgency=medium * SECURITY UPDATE: Access restrictions bypass - debian/patches/CVE-2022-23451.patch: Change access policies to secret metadata in barbican/common/policies/secretmeta.py. Add a new role in barbican/common/policies/base.py and make use of these changes in barbican/api/controllers/__init__.py, barbican/api/controllers/secretmeta.py and barbican/api/controllers/secrets.py. - debian/patches/CVE-2022-23451-post.patch: Change secret policies in barbican/common/policies/secrets.py, add tests in barbican/tests/api/test_resources_policy.py and functionaltests/api/v1/functional/test_secrets_rbac.py and update api guide in api-guide/source/acls.rst. - CVE-2022-23451 * SECURITY UPDATE: Ownership bypass - debian/patches/CVE-2022-23452.patch: Update container secret policies in barbican/common/policies/containers.py and add a new role in barbican/common/policies/base.py. - CVE-2022-23452 -- Rodrigo Figueiredo Zaiden <email address hidden> Thu, 21 Apr 2022 10:52:20 -0300

Source diff to previous version

Version: 1:6.0.1-0ubuntu1	2018-12-18 23:06:47 UTC
`barbican (1:6.0.1-0ubuntu1) bionic; urgency=medium * d/gbp.conf: Create stable/queens branch. * New stable point release for OpenStack Queens (LP: #1806043). -- Corey Bryant <email address hidden> Mon, 03 Dec 2018 09:15:09 -0500`

About - Send Feedback to @ubuntu_updates

Package "barbican-common"

Links

Download "barbican-common"

Other versions of "barbican-common" in Bionic

Changelog

Share this page

Bookmarks

Latest updates

proposed

updates

PPA updates