--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:keystone
User: [email protected]
Usertags: pu
Hi,
The security team asked to go through Trixie p-u for this.
[ Reason ]
This version includes fixes for CVE-2026-40683 and CVE-2026-33551 (ie: LDAP
backend cannot disable users, and restricted application credentials can
create EC2 credentials).
[ Impact ]
As above: CVE issues.
[ Tests ]
The package contains unit tests for the added fixes. I'm confident there
will be no regression.
[ Risks ]
Trivial and very small patches. For LDAP, correctly detect the flag from
LDAP db. For EC2, modify the API policy.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
Please allow me to upload Keystone 27.0.0-3+deb13u3.
Cheers,
Thomas Goirand (zigo)
P.S: I know there's no 27.0.0-3+deb13u2, though there's been one in the
non-official osbpo.debian.net repository I maintain, so it's nicer to avoid
confustion and use +deb13u3.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 3.0 (quilt)
Source: keystone
Binary: keystone, keystone-doc, python3-keystone
Architecture: all
Version: 2:27.0.0-3+deb13u3
Maintainer: Debian OpenStack <[email protected]>
Uploaders: Thomas Goirand <[email protected]>, Michal Arbet
<[email protected]>,
Homepage: http://keystone.openstack.org/
Standards-Version: 4.4.1
Vcs-Browser: https://salsa.debian.org/openstack-team/services/keystone
Vcs-Git: https://salsa.debian.org/openstack-team/services/keystone.git
Testsuite: autopkgtest
Testsuite-Triggers: @builddeps@
Build-Depends: debhelper-compat (= 11), dh-apparmor, dh-python,
openstack-pkg-tools (>= 133~), po-debconf, python3-all, python3-pbr,
python3-setuptools, python3-sphinx
Build-Depends-Indep: git, python3-bashate, python3-bcrypt, python3-coverage,
python3-cryptography, python3-dogpile.cache, python3-fixtures, python3-flask,
python3-flask-restful, python3-freezegun, python3-hacking, python3-jsonschema,
python3-jwt, python3-keystoneclient, python3-keystonemiddleware, python3-ldap,
python3-ldappool, python3-lxml, python3-memcache, python3-msgpack,
python3-oauthlib, python3-openstackdocstheme, python3-os-api-ref,
python3-oslo.cache, python3-oslo.config, python3-oslo.context, python3-oslo.db,
python3-oslo.i18n, python3-oslo.log, python3-oslo.messaging,
python3-oslo.middleware, python3-oslo.policy (>= 4.5.0),
python3-oslo.serialization, python3-oslo.upgradecheck, python3-oslo.utils,
python3-oslotest, python3-osprofiler, python3-pycadf, python3-pymongo,
python3-pysaml2, python3-requests, python3-scrypt,
python3-sphinx-feature-classification, python3-sphinxcontrib.apidoc,
python3-sphinxcontrib.blockdiag, python3-sphinxcontrib.seqdiag,
python3-sqlalchemy, python3-stestr, python3-stevedore, python3-tempest,
python3-testresources, python3-testscenarios, python3-testtools, python3-tz,
python3-webob, python3-webtest, subunit, tempest, xmlsec1
Package-List:
keystone deb net optional arch=all
keystone-doc deb doc optional arch=all
python3-keystone deb python optional arch=all
Checksums-Sha1:
896a6f57c727fa62d0aec10d5c8844b40cc42bdb 1098444 keystone_27.0.0.orig.tar.xz
1044ff9cb15dc3f97f725afe8ce2cccf33bcae36 47748
keystone_27.0.0-3+deb13u3.debian.tar.xz
Checksums-Sha256:
223b27dc676dabd6c9d67e4409fe086f92b5d47bf71ee8c724c3e0d13f26d635 1098444
keystone_27.0.0.orig.tar.xz
2446c16c806399e0fe546a76b7b866cd52159c7089d252462c6c76b0995b8768 47748
keystone_27.0.0-3+deb13u3.debian.tar.xz
Files:
d8119041a4ba1c4545ab5dabe9ae65b9 1098444 keystone_27.0.0.orig.tar.xz
2ad9231f4a857a6686e235841a91ed51 47748 keystone_27.0.0-3+deb13u3.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmn8ZZsACgkQ1BatFaxr
Q/7htRAAoapDZXW3V9Jb10ZbdYYpFxhDFEo7LcnFhBSCtA+TYqT6I+rc6x3l9k1c
fZrfWfe5pqf1NHlevzKG+JSC1LTxOrHAoRWVz+LZJHyTJyF480x811ZfrotJPZmj
UYBME65Hb4aCsDSNhu14oMuU7X784BOQawmHW48H4uKVwJ4Scl9HD6Bj1Z8bQTjs
weXaLhWU0WzMv7bVPYRCX5ZoWDtoMOlFlWPUy8Dc/2MW1BDLWcdfit4asXgBYYZQ
UF7OYtdwQCi+KvDu1Lutc9P51xqv4xmWnJpBGzUuo3Yx1mmN8WyPzO8R4jCNQBtK
QDZ+fv8SHyDblzFeeqswF8AZlWo+Kfj5UnQMZg6Qei+l9JZyFs3eCqj+x+HBLVds
UqJMXuKYWiBYlwrz8DPHAG+2R0wAfFobFaj1jgeVEdp162WI7dBnblTQnb/BuK7D
C4badwOUVlEK3OqhbF2cG+5OHRqUBIgy3MvgVlBhJiTHabiBlaGVNLKD4139gU4V
9GCZh8SoJ+l5M3ByGZ74FyP6gQqgmdhHru2wQv8uvZIFo8bfuiats9TrmsvoI2Kz
uCFPW/gkQ5pxQJ1+oR8IyUUcOVj+1w+W16g6BNQw1fH6LuMdTcQV5gdCOmkg9d27
Sk0a8s9I25QYOHXQDr7ctRH3Qyo+N048AoT8GpwLuPiRHpjkFgs=
=xp4q
-----END PGP SIGNATURE-----
--- End Message ---