[Git][security-tracker-team/security-tracker][master] track two keystones originally lined up for spu/ospu

Mon Jun 8 19:54:09 BST 2026


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bf625bc4 by Moritz Mühlenhoff at 2026-06-08T20:53:40+02:00
track two keystones originally lined up for spu/ospu

- - - - -


3 changed files:

- data/CVE/list
- data/next-oldstable-point-update.txt
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -34481,8 +34481,8 @@ CVE-2026-40688 (An out-of-bounds write vulnerability [CWE-787] vulnerability in
 CVE-2026-40683 (In OpenStack Keystone before 28.0.1, the LDAP identity backend does no ...)
 	{DLA-4611-1}
 	- keystone 2:29.0.0~rc1-2 (bug #1133884)
-	[trixie] - keystone <no-dsa> (Minor issue; can be fixed via point release)
-	[bookworm] - keystone <no-dsa> (Minor issue; can be fixed via point release)
+	[trixie] - keystone 2:27.0.0-3+deb13u3
+	[bookworm] - keystone 2:22.0.2-0+deb12u2
 	NOTE: https://review.opendev.org/c/openstack/keystone/+/958205
 CVE-2026-40499 (radare2 prior to version 6.1.4 contains a command injection vulnerabil ...)
 	[experimental] - radare2 6.1.4+ds-1
@@ -38714,8 +38714,8 @@ CVE-2026-39881 (Vim is an open source, command line text editor. Prior to 9.2.03
 CVE-2026-33551 (An issue was discovered in OpenStack Keystone 14 through 26 before 26. ...)
 	{DLA-4611-1}
 	- keystone 2:29.0.0-2 (bug #1133118)
-	[trixie] - keystone <no-dsa> (Minor issue)
-	[bookworm] - keystone <no-dsa> (Minor issue)
+	[trixie] - keystone 2:27.0.0-3+deb13u3
+	[bookworm] - keystone 2:22.0.2-0+deb12u2
 	NOTE: https://launchpad.net/bugs/2142138
 	NOTE: https://www.openwall.com/lists/oss-security/2026/04/07/12
 CVE-2026-5747 (An out-of-bounds write issue in the virtio PCI transport in Firecracke ...)


=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -24,8 +24,6 @@ CVE-2026-25727
 	[bookworm] - rust-time 0.3.9-1+deb12u1
 CVE-2021-37746
 	[bookworm] - sylpheed 3.8.0~beta1-1+deb12u1
-CVE-2026-33551
-	[bookworm] - keystone 2:22.0.2-0+deb12u2
 CVE-2026-34956
 	[bookworm] - openvswitch 3.1.0-2+deb12u2
 CVE-2026-42510
@@ -36,10 +34,6 @@ CVE-2026-42997
 	[bookworm] - ironic 1:21.1.0-3+deb12u1
 CVE-2026-44916
 	[bookworm] - ironic 1:21.1.0-3+deb12u1
-CVE-2026-40683
-	[bookworm] - keystone 2:22.0.2-0+deb12u2
-CVE-2026-33551
-	[bookworm] - keystone 2:22.0.2-0+deb12u2
 CVE-2025-10148
 	[bookworm] - curl 7.88.1-10+deb12u15
 CVE-2025-14524


=====================================
data/next-point-update.txt
=====================================
@@ -10,10 +10,6 @@ CVE-2025-68920
 	[trixie] - ckermit 416~beta12-1+deb13u1
 CVE-2026-32953
 	[trixie] - golang-github-tillitis-tkeyclient 1.3.0-1~deb13u1
-CVE-2026-33551
-	[trixie] - keystone 2:27.0.0-3+deb13u3
-CVE-2026-40683
-	[trixie] - keystone 2:27.0.0-3+deb13u3
 CVE-2026-34956
 	[trixie] - openvswitch 3.5.4-1~deb13u1
 CVE-2026-35444



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf625bc484d409cae3a3d5580829d41717ede3ca

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf625bc484d409cae3a3d5580829d41717ede3ca
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260608/f8f95313/attachment-0001.htm>
