Format: 1.8
Date: Wed, 15 Apr 2026 10:06:32 +0200
Source: keystone
Binary: keystone keystone-doc python3-keystone
Architecture: all
Version: 2:27.0.0-3+deb13u3
Distribution: trixie
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02)
Changed-By: Thomas Goirand
Description:
 keystone - OpenStack identity service
 keystone-doc - OpenStack identity service - documentation
 python3-keystone - OpenStack identity service - library
Closes: 1133118 1133884
Changes:
 keystone (2:27.0.0-3+deb13u3) trixie; urgency=medium
 .
   * CVE-2026-40683 / OSSA-2026-007: LDAP identity backend does not convert
     enabled attribute to boolean. When the user_enabled_invert configuration
     option was False (the default), Keystone did not correctly interpret the
     LDAP enabled attribute, causing users disabled in LDAP to be treated as
     enabled and allowed to authenticate. Deployments using the LDAP identity
     backend without user_enabled_invert=True or user_enabled_emulation are
     affected. Applied upstream patch:
     - OSSA-2026-007-fix_ldap_enabled_setting_not_interpreted_as_boolean.patch
     (Closes: #1133884).
   * CVE-2026-33551 / OSSA-2026-005: Restricted application credentials can
     create EC2 credentials. Applied upstream patch "Prevent unauthorized EC2
     credential creation and deletion" (Closes: #1133118).
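
Added illustration of the bug class named in the CVE-2026-40683 entry above; this is not Keystone's code and not the upstream patch. It assumes the directory returns the enabled attribute as an RFC 4517 Boolean string ("TRUE"/"FALSE"), possibly as a one-element list of bytes; all function names and the sample entries are hypothetical.

```python
# Added illustration; not Keystone's code and not the upstream patch.
# Assumption: the directory returns the enabled attribute as an RFC 4517
# Boolean string ("TRUE"/"FALSE"), possibly as a one-element list of bytes.

def naive_enabled(raw):
    """Hypothetical unconverted check: any non-empty value is truthy."""
    return bool(raw)


def parse_enabled(raw, invert=False):
    """Hypothetical strict conversion; `invert` mirrors user_enabled_invert."""
    if isinstance(raw, (list, tuple)):
        if len(raw) != 1:
            raise ValueError(f"expected one value, got {len(raw)}")
        raw = raw[0]
    if isinstance(raw, bytes):
        raw = raw.decode("utf-8", errors="strict")
    if isinstance(raw, bool):
        enabled = raw
    elif isinstance(raw, str) and raw.strip().upper() in ("TRUE", "FALSE"):
        enabled = raw.strip().upper() == "TRUE"
    else:
        # Fail closed: an unrecognised value must never read as "enabled".
        raise ValueError(f"not an LDAP boolean: {raw!r}")
    return (not enabled) if invert else enabled


def misread_accounts(entries, invert=False):
    """Names the naive check admits although the directory disables them."""
    flagged = []
    for name, raw in entries:
        try:
            really_enabled = parse_enabled(raw, invert)
        except ValueError:
            really_enabled = False  # unparseable values count as disabled
        if naive_enabled(raw) and not really_enabled:
            flagged.append(name)
    return flagged


# Constructed sample entries (name, raw attribute value); not real data.
SAMPLE = [("alice", [b"TRUE"]), ("bob", [b"FALSE"]),
          ("carol", "false"), ("dave", [b"maybe"]), ("erin", [])]

if __name__ == "__main__":
    print(misread_accounts(SAMPLE))
```

Running the same comparison over an export of real directory entries gives a list of accounts to review in authentication logs for the period before the fixed package was installed.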