yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1347961] Re: [OSSA 2014-026] Revocation events are broken with mysql (CVE-2014-5251)

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Thu, 04 Sep 2014 14:31:18 -0000
Reply-to: Bug 1347961 <1347961@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1347961

Title:
  [OSSA 2014-026] Revocation events are broken with mysql
  (CVE-2014-5251)

Status in OpenStack Identity (Keystone):
  Fix Released
Status in Keystone icehouse series:
  Fix Released
Status in OpenStack Security Advisories:
  Fix Released

Bug description:
  Since mysql only stores timestamps with an accuracy of seconds rather
  than microseconds, doing comparisons of token expiration times will
  fail and tokens will not show up as being revoked.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1347961/+subscriptions

References

[Bug 1347961] [NEW] Revocation events are broken with mysql
From: Brant Knudson, 2014-07-23