On 5/7/26 7:07 PM, Adam D. Barratt wrote:
Control: tags -1 + confirmed
On Thu, 2026-05-07 at 12:05 +0200, Thomas Goirand wrote:
I'd like to update Ironic in Trixie to the latest point
release from upstream, ie: 29.0.5.
[ Reason ]
This version includes fixes for CVE-2026-42997 and CVE-2026-42510,
which are both serious security issues (ie: shell injection, and
credential forwarding to arbitrary endpoint).
+ironic (1:29.0.5-1~debu13u1) trixie; urgency=medium
That version implies that it's a backport of a 1:29.0.5-1 package from
a higher suite, which is not the case. Please make the version
1:29.0.5-0+deb13u1 instead, and feel free to go ahead with that change
made.
Regards,
Adam
Uploaded.
FYI, the version I uploaded also fixes:
- CVE-2026-44916
- CVE-2026-44919
(I added 2 patches from upstream)
Cheers,
Thomas Goirand (zigo)
