Hi,
[ Reason ]
I'd like to fix a security issue where the policy for tags on
floating-ips shouldn't be granted. For more details, see the
announcement from upstream:
https://security.openstack.org/ossa/OSSA-2026-016.html
[ Impact ]
Tagging policy bypass allows project readers to mutate tags.
[ Tests ]
Upstream unit tests are run during package build.
[ Risks ]
Change isn't big, only to the policy (upstream added some
policy.enforce() calls).
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
Just the upstream patch.
[ Other info ]
Note the attached debdiff targeted trixie-security, I'll
adjust for p-u before uploading.
Please allow me to upload Neutron 2:26.0.0-9+deb13u1.
Cheers,
Thomas Goirand (zigo)