[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Taking care of Keystone in Stretch and Jessie

Hi Thomas,

On 14/05/2020 19:08, Thomas Goirand wrote:
> I released an update of Keystone for a quite serious problem related to
> ec2 credentials where a user can become admin. I was able to fix the
> last 4 releases of OpenStack. Though I don't have the energy to
> investigate these CVEs in Stretch and Jessie. Probably Keystone over
> there isn't even affected, I don't know.
> Is anyone interested to do the work? If so, best would be to look at the
> 4 patches I added to the security release of Keystone in Buster.

Thanks for the info.

OpenStack was recently marked EOL in Jessie, citing a 2015 message from
you actually:
Does that sound OK?

Stretch is still maintained by Debian Security team (though LTS will
take over within a couple months), adding them in Cc: to discuss what to
do in Stretch.

Sylvain Beucler
Debian LTS Team

Reply to: