Debian Patches
Status for keystone/2:27.0.0-3+deb13u3
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| install-missing-files.patch | install missing files | Thomas Goirand <zigo@debian.org> | not-needed | 2019-08-18 | ||
| do-not-set-chartset-in-flask-responce.patch | Do not set charset in flask responce =================================================================== |
Thomas Goirand <zigo@debian.org> | no | 2024-01-22 | ||
| set-deprecation-warnings-to-ignore.patch | Set deprecation warnings to ignore Otherwise, Keystone FTBFS in Unstable. | Thomas Goirand <zigo@debian.org> | no | 2025-03-13 | ||
| api_Remove_constraints_on_user_IDs.patch | api: Remove constraints on user IDs Per the comment added inline, this is not valid when LDAP is in use. =================================================================== |
Stephen Finucane <stephenfin@redhat.com> | yes | upstream | upstream, https://review.opendev.org/c/openstack/keystone/+/951282 | 2025-05-20 |
| keystone-bug-2119646-stable-2025.1.patch | Add service user authentication to ec2 and s3 endpoints Add a policy to enforce authentication with a user in the service group. This maintains AWS compatibility with the added security layer. =================================================================== |
Grzegorz Grasza <xek@redhat.com> | yes | upstream | https://bugs.launchpad.net/keystone/+bug/2119646 | 2025-10-30 |
| CVE-2026-33551~OSSA-2026-005_Prevent_unauthorized_EC2_credential_creation_and_deletion.patch | Prevent unauthorized EC2 credential creation and deletion A restricted application credential could be used to create EC2 credentials granting full user access to S3, bypassing the role restriction. Add the same _check_unrestricted_application_credential guard that already protects application credential create/delete endpoints. . Additionally, tighten the ec2_create_credential and ec2_delete_credential policies to require at least member role, as these are write operations that should not be accessible to reader-role users regardless of whether they are using an application credential. diff --git a/keystone/api/users.py b/keystone/api/users.py index b3ec13f..f614f1c 100644 |
Grzegorz Grasza <xek@redhat.com> | yes | debian upstream | upstream, https://review.opendev.org/c/openstack/keystone/+/983589 | 2026-04-10 |
| CVE-2026-40683-OSSA-2026-007-fix_ldap_enabled_setting_not_interpreted_as_boolean.patch | OSSA-2026-007: fix ldap 'enabled' setting not interpreted as boolean interpretation of the ldap enabled attribute as boolean is only done if enabled_invert setting is set to true. diff --git a/keystone/identity/backends/ldap/core.py b/keystone/identity/backends/ldap/core.py index 5ddf14d..fd09c7c 100644 |
Benedikt Trefzer <benedikt.trefzer@cirrax.com> | yes | debian upstream | upstream, https://review.opendev.org/c/openstack/keystone/+/982408 | 2026-04-15 |
All known versions for source package 'keystone'
- 2:29.0.1-2 (sid, forky)
- 2:27.0.0-3+deb13u3 (trixie-proposed-updates)
- 2:27.0.0-3+deb13u1 (trixie-security, trixie)
- 2:22.0.2-0+deb12u2 (bookworm-proposed-updates)
- 2:22.0.2-0+deb12u1 (bookworm, bookworm-security)