-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 25 May 2026 17:18:35 +0200 Source: mistral Architecture: source Version: 20.0.0-2+deb13u1 Distribution: trixie-security Urgency: medium Maintainer: Debian OpenStack <[email protected]> Changed-By: Thomas Goirand <[email protected]> Closes: 1138843 1138849 Changes: mistral (20.0.0-2+deb13u1) trixie-security; urgency=medium . * CVE-2026-41283: Mistral policy enforcement bypass allows unauthorized public resource creation and arbitrary code execution. Applied upstream patches: - Restrict publicize policies to admin only - Remove unnecessary expect_errors=True from policy tests - Add code_sources publicize policy and enforcement - Restrict code_sources and dynamic_actions policies to - Add dynamic_actions publicize policy and enforcement - Add workbooks publicize policy and enforcement - Add cron_triggers publicize policy and enforcement - Add environments publicize policy and enforcement (Closes: #1138843) * OSSN-0098: Mistral workflow execution context exposes Keystone auth token. Applied upstream patch: "Strip sensitive info from workflow execution context" (Closes: #1138849). Checksums-Sha1: f5b854625f9fd69baa1693184ebdd6df39d8f555 3536 mistral_20.0.0-2+deb13u1.dsc d521ec7e7ace2409de2c97c3cccf67f2f91b67e5 1013184 mistral_20.0.0.orig.tar.xz 1578f0956734337f30a22803d8c6a83d12c10ef9 21228 mistral_20.0.0-2+deb13u1.debian.tar.xz a47693c653c0ce23b84d9441dc6624cdabec930e 17628 mistral_20.0.0-2+deb13u1_amd64.buildinfo Checksums-Sha256: 2b37fb33e6f944361d7d0de72c4df31b69ec930d4cfceff6d5e8756549ca3b68 3536 mistral_20.0.0-2+deb13u1.dsc 2c8368e56b9038a8f1b1c75440168a95bf389b9080d923c07fac8f4e4121a1a3 1013184 mistral_20.0.0.orig.tar.xz 442b30306097bc93d48c696d94142f3b580d03a11e6a3d0fed3c47c8587bc228 21228 mistral_20.0.0-2+deb13u1.debian.tar.xz 4c5bef8000bdc6bb942a86a1d614b4be08eb1a75f36c547b47be0d6cf25ae52d 17628 mistral_20.0.0-2+deb13u1_amd64.buildinfo Files: 64ce16f1e983d06c616f152136efd9bf 3536 net optional mistral_20.0.0-2+deb13u1.dsc 83adc2526c2c78db6d680ec05e032186 1013184 net optional mistral_20.0.0.orig.tar.xz 64d9fb6430c1990ee45b8fd098da6c9a 21228 net optional mistral_20.0.0-2+deb13u1.debian.tar.xz 33ecac5579e813857058b178f4b87ac1 17628 net optional mistral_20.0.0-2+deb13u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmolmwAACgkQ1BatFaxr Q/56pQ/+OzwfZPl56nUwaY+rlbxif00xjHuX4zinCqKikalNx3PhGQsz//w8Tbzs SGDLlwcz7Fj9VSDouEooYu5iz7WZ7gh8lscVxV7W4llV7Fo0GW3diLYi/mFDz9OC bz+kg3fqYdk/NKyxEu+Hen+sykaLu+CuDCXpsQYP4JnZQINVGP+dgqYfHD7tzauY 8lWpnnOt4m4JxilSx7dE7jqMF2BpNC+Y/QRODtLSw2+vwqmqpHh1JWN4Cf14D8ZQ Kpn1Ne4sE0u8TCeKEvvffdQWsjap6dISaPWDsXpL7kFo4JgfBATOafjoSMpbWZjP PuW7U5fwVV59y5PC+AMF8zFdmTye+P5WwKD8O5W3CyJRTMSplrx84IUrFRbzXjqA kOGP8loitun+3yELbchi04Xv5d1SLAUhGKMClk2Be95MLqacz9DkmV/CXy7KpiuA 6i691QlzbmLMQ9t50/JJH8UwU/Xf0J56Ra051r6RBa15WJsgvL+GnySr0X/vgCYK TReNsmHiYT0Ls7LG4gWrn1GHVQe6Taavka1lD5/iqi7b9nVA3ybkenrjk9g7tffG yHby+HKonrV7Q540vE0cz+8HiDODBITONz4w4uIf361rfDmY7rNgncfYksCkHgci OP6jsDR2UHgJWvD942xVw4Yzj6/czrSSSBxsCAsOFY0lp6IcFic= =mn94 -----END PGP SIGNATURE-----
pgpi4vxHQYcTq.pgp
Description: PGP signature
