Debian Patches

Status for python-keystonemiddleware/10.1.0-4

Patch | Description | Author | Forwarded | Bugs | Origin | Last update
no-intersphinx.patch | No intersphinx. | Thomas Goirand <zigo@debian.org> | not-needed | | | 2017-10-05
CVE-2022-2447_Remove_cache_invalidation_when_using_expired_token.patch | Remove cache invalidation when using expired token

This can create a race condition for long running services that reuse
their token (e.g. Kubernetes Cinder CSI plugin) in this case for
example:

1 [user] Asks nova to attach a volume to a server
2 ...the user's token expires
3 [user] Asks cinder if the volume has been attached
4 [nova] Asks cinder to attach the volume

In step 3 the token is marked as invalid in the cache and step 4 fails
even if allow_expired is true

diff --git a/keystonemiddleware/auth_token/__init__.py b/keystonemiddleware/auth_token/__init__.py
index 0feed6f..ddb2ddc 100644
Jorge Merlino <jorge.merlino@canonical.com> | yes | upstream | upstream, https://review.opendev.org/c/openstack/keystonemiddleware/+/860481 | 2022-10-05
