Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
417e7d5b by Moritz Muehlenhoff at 2026-01-15T23:02:02+01:00
CVE-2026-22797 / python-keystonemiddleware only affects trixie
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -245,6 +245,8 @@ CVE-2021-47752 (AWebServer GhostBuilding 18 contains a
denial of service vulnera
NOT-FOR-US: AWebServer GhostBuilding
CVE-2026-22797 [Privilege Escalation via Identity Headers in External OAuth2
Tokens]
- python-keystonemiddleware <unfixed> (bug #1125680)
+ [bookworm] - python-keystonemiddleware <not-affected> (Vulnerable code
not present)
+ [bullseye] - python-keystonemiddleware <not-affected> (Vulnerable code
not present)
NOTE: https://www.openwall.com/lists/oss-security/2026/01/15/1
NOTE: https://bugs.launchpad.net/keystonemiddleware/+bug/2129018
CVE-2026-0708
=====================================
data/dsa-needed.txt
=====================================
@@ -57,6 +57,8 @@ python-aiohttp
--
python-django
--
+python-keystonemiddleware/stable (jmm)
+--
python-urllib3 (carnil)
--
python-tornado
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/417e7d5b2896c6243723b6443a9c17445a6f8cc8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/417e7d5b2896c6243723b6443a9c17445a6f8cc8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
