Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:keystone
User: [email protected]
Usertags: pu

Hi,

The security team asked to go through Trixie p-u for this.

[ Reason ]
This version includes fixes for CVE-2026-40683 and CVE-2026-33551 (ie: LDAP backend cannot disable users, and restricted application credentials can create EC2 credentials).

[ Impact ]
As above: CVE issues.

[ Tests ]
The package contains unit tests for the added fixes. I'm confident there will be no regression.

[ Risks ]
Trivial and very small patches. For LDAP, correctly detect the flag from LDAP db. For EC2, modify the API policy.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

Please allow me to upload Keystone 27.0.0-3+deb13u3.

Cheers,

Thomas Goirand (zigo)

P.S: I know there's no 27.0.0-3+deb13u2, though there's been one in the non-official osbpo.debian.net repository I maintain, so it's nicer to avoid confusion and use +deb13u3.

Format: 3.0 (quilt)
Source: keystone
Binary: keystone, keystone-doc, python3-keystone
Architecture: all
Version: 2:27.0.0-3+deb13u3
Maintainer: Debian OpenStack <[email protected]>
Uploaders: Thomas Goirand <[email protected]>, Michal Arbet <[email protected]>,
Homepage: http://keystone.openstack.org/
Standards-Version: 4.4.1
Vcs-Browser: https://salsa.debian.org/openstack-team/services/keystone
Vcs-Git: https://salsa.debian.org/openstack-team/services/keystone.git
Testsuite: autopkgtest
Testsuite-Triggers: @builddeps@
Build-Depends: debhelper-compat (= 11), dh-apparmor, dh-python, openstack-pkg-tools (>= 133~), po-debconf, python3-all, python3-pbr, python3-setuptools, python3-sphinx
Build-Depends-Indep: git, python3-bashate, python3-bcrypt, python3-coverage, python3-cryptography, python3-dogpile.cache, python3-fixtures, python3-flask, python3-flask-restful, python3-freezegun, python3-hacking, python3-jsonschema, python3-jwt, python3-keystoneclient, python3-keystonemiddleware, python3-ldap, python3-ldappool, python3-lxml, python3-memcache, python3-msgpack, python3-oauthlib, python3-openstackdocstheme, python3-os-api-ref, python3-oslo.cache, python3-oslo.config, python3-oslo.context, python3-oslo.db, python3-oslo.i18n, python3-oslo.log, python3-oslo.messaging, python3-oslo.middleware, python3-oslo.policy (>= 4.5.0), python3-oslo.serialization, python3-oslo.upgradecheck, python3-oslo.utils, python3-oslotest, python3-osprofiler, python3-pycadf, python3-pymongo, python3-pysaml2, python3-requests, python3-scrypt, python3-sphinx-feature-classification, python3-sphinxcontrib.apidoc, python3-sphinxcontrib.blockdiag, python3-sphinxcontrib.seqdiag, python3-sqlalchemy, python3-stestr, python3-stevedore, python3-tempest, python3-testresources, python3-testscenarios, python3-testtools, python3-tz, python3-webob, python3-webtest, subunit, tempest, xmlsec1
Package-List:
 keystone deb net optional arch=all
 keystone-doc deb doc optional arch=all
 python3-keystone deb python optional arch=all
Checksums-Sha1:
 896a6f57c727fa62d0aec10d5c8844b40cc42bdb 1098444 keystone_27.0.0.orig.tar.xz
 1044ff9cb15dc3f97f725afe8ce2cccf33bcae36 47748 keystone_27.0.0-3+deb13u3.debian.tar.xz
Checksums-Sha256:
 223b27dc676dabd6c9d67e4409fe086f92b5d47bf71ee8c724c3e0d13f26d635 1098444 keystone_27.0.0.orig.tar.xz
 2446c16c806399e0fe546a76b7b866cd52159c7089d252462c6c76b0995b8768 47748 keystone_27.0.0-3+deb13u3.debian.tar.xz
Files:
 d8119041a4ba1c4545ab5dabe9ae65b9 1098444 keystone_27.0.0.orig.tar.xz
 2ad9231f4a857a6686e235841a91ed51 47748 keystone_27.0.0-3+deb13u3.debian.tar.xz

