Candidate: CVE-2012-0805
PublicDate: 2012-06-05 22:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0805
Description:
 Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as
 used in Keystone, allow remote attackers to execute arbitrary SQL commands
 via the (1) limit or (2) offset keyword to the select function, or
 unspecified vectors to the (3) select.limit or (4) select.offset function.
Ubuntu-Description:
Notes:
 jdstrand> Keystone on 11.10 is a pre-release version and unusable with
  other components such as nova and horizon
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=783305
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_sqlalchemy:
 other: http://hg.sqlalchemy.org/sqlalchemy/rev/38935f1915a2
 vendor: https://rhn.redhat.com/errata/RHSA-2012-0369.html
 vendor: http://www.debian.org/security/2012/dsa-2449
upstream_sqlalchemy: released (0.6.7, 0.7.0b)
hardy_sqlalchemy: ignored (reached end-of-life)
lucid_sqlalchemy: ignored (reached end-of-life)
maverick_sqlalchemy: ignored (reached end-of-life)
natty_sqlalchemy: ignored (reached end-of-life)
oneiric_sqlalchemy: not-affected (0.6.8-1)
precise_sqlalchemy: not-affected (0.7.4-1)
quantal_sqlalchemy: not-affected (0.7.4-1)
raring_sqlalchemy: not-affected (0.7.4-1)
saucy_sqlalchemy: not-affected (0.7.4-1)
devel_sqlalchemy: not-affected (0.7.4-1)

Patches_keystone:
 other: https://github.com/openstack/keystone/commit/45b36369a39e5e3cde6453312d73f85268dcd372
upstream_keystone: needs-triage
hardy_keystone: DNE
lucid_keystone: DNE
maverick_keystone: DNE
natty_keystone: DNE
oneiric_keystone: ignored
precise_keystone: not-affected (code-not-present)
quantal_keystone: not-affected (code-not-present)
raring_keystone: not-affected (code-not-present)
saucy_keystone: not-affected (code-not-present)
devel_keystone: not-affected (code-not-present)