Hi team! I released an update of Keystone for a quite serious problem related to ec2 credentials where a user can become admin. I was able to fix the last 4 releases of OpenStack. Though I don't have the energy to investigate these CVEs in Stretch and Jessie. Probably Keystone over there isn't even affected, I don't know.
Is anyone interested to do the work? If so, best would be to look at the 4 patches I added to the security release of Keystone in Buster. Cheers, Thomas Goirand (zigo)
