-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 25 May 2026 17:20:47 +0200
Source: mistral
Binary: mistral-api mistral-common mistral-engine mistral-event-engine mistral-executor python3-mistral
Architecture: all
Version: 15.0.0-1+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: all Build Daemon (x86-csail-02)
Changed-By: Thomas Goirand
Description:
 mistral-api - OpenStack Workflow service - API
 mistral-common - OpenStack Workflow service - common files
 mistral-engine - OpenStack Workflow service - Engine
 mistral-event-engine - OpenStack Workflow service - Event Engine
 mistral-executor - OpenStack Workflow service - Executor
 python3-mistral - OpenStack Workflow Service - Python libraries
Closes: 1138843
Changes:
 mistral (15.0.0-1+deb12u1) bookworm-security; urgency=medium
 .
   * CVE-2026-41283: Mistral policy enforcement bypass allows unauthorized
     public resource creation and arbitrary code execution.
     Applied upstream patches:
     - Restrict publicize policies to admin only
     - Remove unnecessary expect_errors=True from policy tests
     - Add code_sources publicize policy and enforcement
     - Restrict code_sources and dynamic_actions policies to
     - Add dynamic_actions publicize policy and enforcement
     - Add workbooks publicize policy and enforcement
     - Add cron_triggers publicize policy and enforcement
     - Add environments publicize policy and enforcement
       (Closes: #1138843)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----