Your message dated Sat, 11 Jul 2026 10:32:47 +0000
with message-id <[email protected]>
and subject line Released in 13.6
has caused the Debian Bug report #1135936,
regarding trixie-pu: package keystone/2:27.0.0-3+deb13u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1135936: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135936
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:keystone
User: [email protected]
Usertags: pu

Hi,

The security team asked to go through Trixie p-u for this.

[ Reason ]
This version includes fixes for CVE-2026-40683 and CVE-2026-33551 (ie: LDAP
backend cannot disable users, and restricted application credentials can
create EC2 credentials).

[ Impact ]
As above: CVE issues.

[ Tests ]
The package contains unit tests for the added fixes. I'm confident there
will be no regression.

[ Risks ]
Trivial and very small patches. For LDAP, correctly detect the flag from
LDAP db. For EC2, modify the API policy.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

Please allow me to upload Keystone 27.0.0-3+deb13u3.

Cheers,

Thomas Goirand (zigo)

P.S: I know there's no 27.0.0-3+deb13u2, though there's been one in the
non-official osbpo.debian.net repository I maintain, so it's nicer to avoid
confustion and use +deb13u3.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 3.0 (quilt)
Source: keystone
Binary: keystone, keystone-doc, python3-keystone
Architecture: all
Version: 2:27.0.0-3+deb13u3
Maintainer: Debian OpenStack <[email protected]>
Uploaders:  Thomas Goirand <[email protected]>, Michal Arbet 
<[email protected]>,
Homepage: http://keystone.openstack.org/
Standards-Version: 4.4.1
Vcs-Browser: https://salsa.debian.org/openstack-team/services/keystone
Vcs-Git: https://salsa.debian.org/openstack-team/services/keystone.git
Testsuite: autopkgtest
Testsuite-Triggers: @builddeps@
Build-Depends: debhelper-compat (= 11), dh-apparmor, dh-python, 
openstack-pkg-tools (>= 133~), po-debconf, python3-all, python3-pbr, 
python3-setuptools, python3-sphinx
Build-Depends-Indep: git, python3-bashate, python3-bcrypt, python3-coverage, 
python3-cryptography, python3-dogpile.cache, python3-fixtures, python3-flask, 
python3-flask-restful, python3-freezegun, python3-hacking, python3-jsonschema, 
python3-jwt, python3-keystoneclient, python3-keystonemiddleware, python3-ldap, 
python3-ldappool, python3-lxml, python3-memcache, python3-msgpack, 
python3-oauthlib, python3-openstackdocstheme, python3-os-api-ref, 
python3-oslo.cache, python3-oslo.config, python3-oslo.context, python3-oslo.db, 
python3-oslo.i18n, python3-oslo.log, python3-oslo.messaging, 
python3-oslo.middleware, python3-oslo.policy (>= 4.5.0), 
python3-oslo.serialization, python3-oslo.upgradecheck, python3-oslo.utils, 
python3-oslotest, python3-osprofiler, python3-pycadf, python3-pymongo, 
python3-pysaml2, python3-requests, python3-scrypt, 
python3-sphinx-feature-classification, python3-sphinxcontrib.apidoc, 
python3-sphinxcontrib.blockdiag, python3-sphinxcontrib.seqdiag, 
python3-sqlalchemy, python3-stestr, python3-stevedore, python3-tempest, 
python3-testresources, python3-testscenarios, python3-testtools, python3-tz, 
python3-webob, python3-webtest, subunit, tempest, xmlsec1
Package-List:
 keystone deb net optional arch=all
 keystone-doc deb doc optional arch=all
 python3-keystone deb python optional arch=all
Checksums-Sha1:
 896a6f57c727fa62d0aec10d5c8844b40cc42bdb 1098444 keystone_27.0.0.orig.tar.xz
 1044ff9cb15dc3f97f725afe8ce2cccf33bcae36 47748 
keystone_27.0.0-3+deb13u3.debian.tar.xz
Checksums-Sha256:
 223b27dc676dabd6c9d67e4409fe086f92b5d47bf71ee8c724c3e0d13f26d635 1098444 
keystone_27.0.0.orig.tar.xz
 2446c16c806399e0fe546a76b7b866cd52159c7089d252462c6c76b0995b8768 47748 
keystone_27.0.0-3+deb13u3.debian.tar.xz
Files:
 d8119041a4ba1c4545ab5dabe9ae65b9 1098444 keystone_27.0.0.orig.tar.xz
 2ad9231f4a857a6686e235841a91ed51 47748 keystone_27.0.0-3+deb13u3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmn8ZZsACgkQ1BatFaxr
Q/7htRAAoapDZXW3V9Jb10ZbdYYpFxhDFEo7LcnFhBSCtA+TYqT6I+rc6x3l9k1c
fZrfWfe5pqf1NHlevzKG+JSC1LTxOrHAoRWVz+LZJHyTJyF480x811ZfrotJPZmj
UYBME65Hb4aCsDSNhu14oMuU7X784BOQawmHW48H4uKVwJ4Scl9HD6Bj1Z8bQTjs
weXaLhWU0WzMv7bVPYRCX5ZoWDtoMOlFlWPUy8Dc/2MW1BDLWcdfit4asXgBYYZQ
UF7OYtdwQCi+KvDu1Lutc9P51xqv4xmWnJpBGzUuo3Yx1mmN8WyPzO8R4jCNQBtK
QDZ+fv8SHyDblzFeeqswF8AZlWo+Kfj5UnQMZg6Qei+l9JZyFs3eCqj+x+HBLVds
UqJMXuKYWiBYlwrz8DPHAG+2R0wAfFobFaj1jgeVEdp162WI7dBnblTQnb/BuK7D
C4badwOUVlEK3OqhbF2cG+5OHRqUBIgy3MvgVlBhJiTHabiBlaGVNLKD4139gU4V
9GCZh8SoJ+l5M3ByGZ74FyP6gQqgmdhHru2wQv8uvZIFo8bfuiats9TrmsvoI2Kz
uCFPW/gkQ5pxQJ1+oR8IyUUcOVj+1w+W16g6BNQw1fH6LuMdTcQV5gdCOmkg9d27
Sk0a8s9I25QYOHXQDr7ctRH3Qyo+N048AoT8GpwLuPiRHpjkFgs=
=xp4q
-----END PGP SIGNATURE-----

--- End Message ---
--- Begin Message ---
Version: 13.6

This update was released as part of 13.6.

--- End Message ---

Reply via email to