Re: Taking care of Keystone in Stretch and Jessie
On 14/05/2020 19:08, Thomas Goirand wrote:
> I released an update of Keystone for a quite serious problem related to
> ec2 credentials where a user can become admin. I was able to fix the
> last 4 releases of OpenStack. Though I don't have the energy to
> investigate these CVEs in Stretch and Jessie. Probably Keystone over
> there isn't even affected, I don't know.
> Is anyone interested to do the work? If so, best would be to look at the
> 4 patches I added to the security release of Keystone in Buster.
Thanks for the info.
OpenStack was recently marked EOL in Jessie, citing a 2015 message from
Does that sound OK?
Stretch is still maintained by Debian Security team (though LTS will
take over within a couple months), adding them in Cc: to discuss what to
do in Stretch.
Debian LTS Team