Taking care of Keystone in Stretch and Jessie

To: debian-lts@lists.debian.org
Subject: Taking care of Keystone in Stretch and Jessie
From: Thomas Goirand <zigo@debian.org>
Date: Thu, 14 May 2020 19:08:55 +0200
Message-id: <[🔎] f0bc7896-fde1-ef82-412a-dcee053e82f9@debian.org>

Hi team!

I released an update of Keystone for a quite serious problem related to
ec2 credentials where a user can become admin. I was able to fix the
last 4 releases of OpenStack. Though I don't have the energy to
investigate these CVEs in Stretch and Jessie. Probably Keystone over
there isn't even affected, I don't know.

Is anyone interested to do the work? If so, best would be to look at the
4 patches I added to the security release of Keystone in Buster.

Cheers,

Thomas Goirand (zigo)

Reply to:

Follow-Ups:
- Re: Taking care of Keystone in Stretch and Jessie
  - From: Sylvain Beucler <beuc@beuc.net>

Prev by Date: Re: Jessie update of openconnect?
Next by Date: Re: Jessie update of apt?
Previous by thread: Re: Jessie update of openconnect?
Next by thread: Re: Taking care of Keystone in Stretch and Jessie
Index(es):
- Date
- Thread