[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-22797/python-keystonemiddleware via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 16 04:52:37 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
292ba886 by Salvatore Bonaccorso at 2026-01-16T05:51:53+01:00
Track fixed version for CVE-2026-22797/python-keystonemiddleware via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -245,7 +245,7 @@ CVE-2021-47753 (phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload v
CVE-2021-47752 (AWebServer GhostBuilding 18 contains a denial of service vulnerability ...)
NOT-FOR-US: AWebServer GhostBuilding
CVE-2026-22797 [Privilege Escalation via Identity Headers in External OAuth2 Tokens]
- - python-keystonemiddleware <unfixed> (bug #1125680)
+ - python-keystonemiddleware 10.12.0-3 (bug #1125680)
[bookworm] - python-keystonemiddleware <not-affected> (Vulnerable code not present)
[bullseye] - python-keystonemiddleware <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2026/01/15/1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/292ba8868058e094d63c88f34be73b892dc6de02
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/292ba8868058e094d63c88f34be73b892dc6de02
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260116/18e87d84/attachment.htm>
More information about the debian-security-tracker-commits
mailing list