Control: tags -1 + confirmed On Thu, 2026-05-07 at 12:05 +0200, Thomas Goirand wrote: > I'd like to update Ironic in Trixie to the latest point > release from upstream, ie: 29.0.5. > > [ Reason ] > This version includes fixes for CVE-2026-42997 and CVE-2026-42510, > which are both serious security issues (ie: shell injection, and > credential forwarding to arbitrary endpoint).
+ironic (1:29.0.5-1~debu13u1) trixie; urgency=medium That version implies that it's a backport of a 1:29.0.5-1 package from a higher suite, which is not the case. Please make the version 1:29.0.5-0+deb13u1 instead, and feel free to go ahead with that change made. Regards, Adam
