Format: 1.8
Date: Mon, 08 Jun 2026 22:00:22 +0200
Source: vitrage
Architecture: source
Version: 9.0.0-3.1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian OpenStack
Changed-By: Thomas Goirand
Closes: 1139452
Changes:
 vitrage (9.0.0-3.1+deb12u1) bookworm; urgency=medium
 .
   * CVE-2026-28370 / OSSA-2026-003: Remote code execution through Vitrage
     query parser. Applied upstream patch: Replace eval with function
     matching. (Closes: #1139452)