Accepted keystone 2:14.2.0-0+deb10u2 (source) into oldoldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted keystone 2:14.2.0-0+deb10u2 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 21 Jan 2024 20:50:19 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: keystone_14.2.0-0+deb10u2_source.changes
- Debian-source: keystone
- Debian-suite: oldoldstable
- Debian-version: 2:14.2.0-0+deb10u2
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1rReln-005hQU-9R@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 04 Jan 2024 23:48:53 +0000
Source: keystone
Architecture: source
Version: 2:14.2.0-0+deb10u2
Distribution: buster-security
Urgency: medium
Maintainer: Debian OpenStack <team+openstack@tracker.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Changes:
 keystone (2:14.2.0-0+deb10u2) buster-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team
   * Add salsa CI
   * Fix CVE-2021-38155: keystone allows information disclosure
     during account locking (related to PCI DSS features). By guessing
     the name of an account and failing to authenticate multiple times,
     any unauthenticated actor could both confirm the account exists
     and obtain that account's corresponding UUID, which might be
     leveraged for other unrelated attacks.
   * Fix CVE-2021-3563: Only the first 72 characters of an application
     secret were verified, allowing attackers to bypass some password
     complexity which administrators may be counting on. The highest
     threat from this vulnerability is to data confidentiality and integrity.
-----BEGIN PGP SIGNATURE-----
[signature data omitted]
-----END PGP SIGNATURE-----