A vulnerability was found in python-glance-store. The package logs access_key for glance-store when DEBUG log level is enabled.
If our tracking downstream in Debian is correct, then the fixes upstream should be https://github.com/openstack/glance_store/commit/a5ba027922ba1230b4ae9abb810f36427be6354a and https://github.com/openstack/glance_store/commit/d6e531af4821c8466b1e9404f12f89f6216417f2 . Is this correct?
Yes. Note that we have backports on the way: https://review.opendev.org/q/I9193df38d613259b61bb369fa1040fb2c51a21d7 https://review.opendev.org/q/I8dc564bed33d6fc71965f4f573ae9109b410b1d4 Thanks for your work in Debian!