[Git][security-tracker-team/security-tracker][master] CVE-2026-22797 / python-keystonemiddleware only affects trixie

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
417e7d5b by Moritz Muehlenhoff at 2026-01-15T23:02:02+01:00
CVE-2026-22797 / python-keystonemiddleware only affects trixie

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -245,6 +245,8 @@ CVE-2021-47752 (AWebServer GhostBuilding 18 contains a denial of service vulnera
 	NOT-FOR-US: AWebServer GhostBuilding
 CVE-2026-22797 [Privilege Escalation via Identity Headers in External OAuth2 Tokens]
 	- python-keystonemiddleware <unfixed> (bug #1125680)
+	[bookworm] - python-keystonemiddleware <not-affected> (Vulnerable code not present)
+	[bullseye] - python-keystonemiddleware <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/01/15/1
 	NOTE: https://bugs.launchpad.net/keystonemiddleware/+bug/2129018
 CVE-2026-0708


=====================================
data/dsa-needed.txt
=====================================
@@ -57,6 +57,8 @@ python-aiohttp
 --
 python-django
 --
+python-keystonemiddleware/stable (jmm)
+--
 python-urllib3 (carnil)
 --
 python-tornado



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/417e7d5b2896c6243723b6443a9c17445a6f8cc8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/417e7d5b2896c6243723b6443a9c17445a6f8cc8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260115/38449221/attachment-0001.htm>