Re: Taking care of Keystone in Stretch and Jessie

To: Thomas Goirand <zigo@debian.org>, debian-lts@lists.debian.org, Debian Security Team <team@security.debian.org>
Subject: Re: Taking care of Keystone in Stretch and Jessie
From: Sylvain Beucler <beuc@beuc.net>
Date: Fri, 15 May 2020 15:12:50 +0200
Message-id: <[🔎] 46ebfa49-28bc-ace2-2272-9fd33f187ff5@beuc.net>
In-reply-to: <[🔎] f0bc7896-fde1-ef82-412a-dcee053e82f9@debian.org>
References: <[🔎] f0bc7896-fde1-ef82-412a-dcee053e82f9@debian.org>

Hi Thomas,

On 14/05/2020 19:08, Thomas Goirand wrote:
> I released an update of Keystone for a quite serious problem related to
> ec2 credentials where a user can become admin. I was able to fix the
> last 4 releases of OpenStack. Though I don't have the energy to
> investigate these CVEs in Stretch and Jessie. Probably Keystone over
> there isn't even affected, I don't know.
> 
> Is anyone interested to do the work? If so, best would be to look at the
> 4 patches I added to the security release of Keystone in Buster.

Thanks for the info.

OpenStack was recently marked EOL in Jessie, citing a 2015 message from
you actually:
https://salsa.debian.org/debian/debian-security-support/commit/486197770133ba3c2f3a827802539661a06bc592
https://lists.debian.org/debian-lts/2015/11/msg00024.html
Does that sound OK?

Stretch is still maintained by Debian Security team (though LTS will
take over within a couple months), adding them in Cc: to discuss what to
do in Stretch.

Cheers!
Sylvain Beucler
Debian LTS Team

Reply to:

Follow-Ups:
- Re: Taking care of Keystone in Stretch and Jessie
  - From: Thomas Goirand <zigo@debian.org>

References:
- Taking care of Keystone in Stretch and Jessie
  - From: Thomas Goirand <zigo@debian.org>

Prev by Date: Re: Jessie update of apt?
Next by Date: Re: Taking care of Keystone in Stretch and Jessie
Previous by thread: Taking care of Keystone in Stretch and Jessie
Next by thread: Re: Taking care of Keystone in Stretch and Jessie
Index(es):
- Date
- Thread