-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 15 Apr 2026 11:10:59 +0200
Source: keystone
Binary: keystone keystone-doc python3-keystone
Architecture: all
Version: 2:22.0.2-0+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: all Build Daemon (x86-csail-02) <buildd_all-x86-csail-02@buildd.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description:
 keystone   - OpenStack identity service
 keystone-doc - OpenStack identity service - documentation
 python3-keystone - OpenStack identity service - library
Closes: 1133118 1133884
Changes:
 keystone (2:22.0.2-0+deb12u2) bookworm; urgency=medium
 .
   * CVE-2026-40683 / OSSA-2026-007: LDAP identity backend does not convert
     enabled attribute to boolean. When the user_enabled_invert configuration
     option was False (the default), Keystone did not correctly interpret the
     LDAP enabled attribute, causing users disabled in LDAP to be treated as
     enabled and allowed to authenticate. Deployments using the LDAP identity
     backend without user_enabled_invert=True or user_enabled_emulation are
     affected. Applied upstream patch:
     - OSSA-2026-007-fix_ldap_enabled_setting_not_interpreted_as_boolean.patch
     (Closes: #1133884).
   * CVE-2026-33551 / OSSA-2026-005: Restricted application credentials can
     create EC2 credentials. Applied upstream patch "Prevent unauthorized EC2
     credential creation and deletion" (Closes: #1133118).
Checksums-Sha1:
 f80bb58cbea591c996c0597d3e2b8818c733567a 2188844 keystone-doc_22.0.2-0+deb12u2_all.deb
 f52fa1b3ed7e2ad78592433a31ca1f2db69c6249 17622 keystone_22.0.2-0+deb12u2_all-buildd.buildinfo
 15b1209498d969d150e5a97520aeacb2bfdf8d88 71072 keystone_22.0.2-0+deb12u2_all.deb
 b74f17dc8ece9c414a4be4171360b0339380aa63 699584 python3-keystone_22.0.2-0+deb12u2_all.deb
Checksums-Sha256:
 25cd48db4fc6c060f103a96308dc07ff42111bdcac551c80c7fff21edf8f20f0 2188844 keystone-doc_22.0.2-0+deb12u2_all.deb
 409a48c79a5f83befba319456533d0d696e0d0ea59acb330875e6665b57e55a6 17622 keystone_22.0.2-0+deb12u2_all-buildd.buildinfo
 9b993bdab56c5364685ac88d7f5ca651ab261393589283c578ba1d8380ec6c4b 71072 keystone_22.0.2-0+deb12u2_all.deb
 274481407f2b9a01d5269a151a779eb5d746a9ace29fb83741e1336ba1fdebf2 699584 python3-keystone_22.0.2-0+deb12u2_all.deb
Files:
 72cbd15601f16fe7cf2948b1f1dacfff 2188844 doc optional keystone-doc_22.0.2-0+deb12u2_all.deb
 10d3d3a7f12ab4ee99a5e9e7ba558127 17622 net optional keystone_22.0.2-0+deb12u2_all-buildd.buildinfo
 d0cb42f2d993d5c5fd81f900ae59303f 71072 net optional keystone_22.0.2-0+deb12u2_all.deb
 885fb6b680162095c9c3820eabe5fa30 699584 python optional python3-keystone_22.0.2-0+deb12u2_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXLxUpUHQBQBTDtd4aBVi67oXtfkFAmoQ4RoACgkQaBVi67oX
tfmplg/9H4iLLIQHRZG/q48SE3K5mkd/FK6h5ceSEcR9kWnvisdl2ES1eXplbxTB
FcWPkx2YVgVVCiUwP3GmbxImdWLub3qcHkR6U1hKwKz0rQrff1o9Aaz1Pt8jF3bk
lTbSue+SCIePExSqQQQ/FseRsTEYdpDaAsmJdSjvQRvK14g96UOPdKpLkGSGmSZk
3vP20dR1pxx+iXHIercI/85QfNSxkzmufGbBKtGyPKwtciKWteFYScggJ+Z0Mt9W
tOK1f/M00CZ4zGwLDcXzgAhjvaKgayC5fLwZ7L5dUg43eIoL94ZjSOKRZRhxqN9W
d3Pf+2RrO4QPFNj1XS9NOdrWxx+KdItrfVxl3ztvu00a92s266x67UpNl7xuoQ2H
62BPqyqqMg43VU5FC3q5+BGNffsutIdhPvXLI8TFZXz2r5bupqGULgyyN3OcxEH6
hOl3j6sRGvfEluLxd7r6FCtJXuFGIvhXFjOWHIcPJ4pzoZcHcXidpV5CZtWFm0Yj
9PmLQuEnkg85YGMlbG605rUPsHiIBUT9QyP12yLOy9k+3GVuC31s12KYcEneDNSd
eC3rV6nLvUbfNqXxnCStuKWzXeP3NE4bNiUeSJ6cAWOuU1xvZf1PDtHMk85tYAQx
U/nlzN8oTaa0IONICxE9cGtI8dBLqnexeW6l0wFX2SQg+3FYmqk=
=8SIK
-----END PGP SIGNATURE-----