-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 09 Jun 2026 09:48:17 +0200 Source: vitrage Binary: python3-vitrage vitrage-api vitrage-collector vitrage-common vitrage-doc vitrage-graph vitrage-ml vitrage-notifier vitrage-persistor vitrage-snmp-parsing Architecture: all Version: 14.0.0-4+deb13u1 Distribution: trixie Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) Changed-By: Thomas Goirand Description: python3-vitrage - OpenStack RCA as a Service - Python libs vitrage-api - OpenStack RCA as a Service - API server vitrage-collector - OpenStack RCA as a Service - Collector service vitrage-common - OpenStack RCA as a Service - metapackage vitrage-doc - OpenStack RCA as a Service - documentation vitrage-graph - OpenStack RCA as a Service - Graph service vitrage-ml - OpenStack RCA as a Service - Machine Learning Service vitrage-notifier - OpenStack RCA as a Service - Notifier Service vitrage-persistor - OpenStack RCA as a Service - Persistor Service vitrage-snmp-parsing - OpenStack RCA as a Service - SNMP Parsing Service Closes: 1139452 Changes: vitrage (14.0.0-4+deb13u1) trixie; urgency=medium . * CVE-2026-28370 / OSSA-2026-003: Remote code execution through Vitrage query parser. Applied upstream patch "Replace eval with function matching". (Closes: #1139452) Checksums-Sha1: bd19764f3fedd65346bcab1d4fbec931d23a4d3a 261280 python3-vitrage_14.0.0-4+deb13u1_all.deb 0ecc2d00e540550976ed65a8cc00094745606943 25032 vitrage-api_14.0.0-4+deb13u1_all.deb 5faa63a6c594a02e839ffeea0701fc0b32fcedcb 7960 vitrage-collector_14.0.0-4+deb13u1_all.deb de2c42f0391dfe88a04ee5db57fd7484457c006c 42088 vitrage-common_14.0.0-4+deb13u1_all.deb 61fb1149bbf60540e3278442b5cd643d09da64ca 2245336 vitrage-doc_14.0.0-4+deb13u1_all.deb 3be772b58b4025b7dc03a3fdbb98a44166463b25 7944 vitrage-graph_14.0.0-4+deb13u1_all.deb 033e635efd194c1684f744c13cb1f476c615bb89 7968 vitrage-ml_14.0.0-4+deb13u1_all.deb ae2f161b45cad070c503d1cc1847b88aa461dd50 7952 vitrage-notifier_14.0.0-4+deb13u1_all.deb 7812a6f0065de011fd0da46557f8292e6478af69 7956 vitrage-persistor_14.0.0-4+deb13u1_all.deb 91bc1d38229ddae6a9f09194d0fc019abcf9cefa 7972 vitrage-snmp-parsing_14.0.0-4+deb13u1_all.deb 9d0b37fe8fad611e973eaeda4f4f2b31574132cf 19369 vitrage_14.0.0-4+deb13u1_all-buildd.buildinfo Checksums-Sha256: 50f4d325eee2a466f0e52978d4db12dc9fb94721ca60d7cfd8339e18d5c1336d 261280 python3-vitrage_14.0.0-4+deb13u1_all.deb 1e123caefe596891e9c2b817d02fb56f188d064533106c2c6bc524300e45e931 25032 vitrage-api_14.0.0-4+deb13u1_all.deb 5d0bb3ea23b635ed0c7b70fa82e8c3c9118dc7b0e74d129a8016558bfe1436c4 7960 vitrage-collector_14.0.0-4+deb13u1_all.deb 8cf63fc55e356224482bf21e40cd2311868730d06c08ce866da3b3447c4edd40 42088 vitrage-common_14.0.0-4+deb13u1_all.deb 1ef8a98f291cb054b076e2cfa1c4cb0eed4fe3db9cc03a5b1a84ee4b4479a321 2245336 vitrage-doc_14.0.0-4+deb13u1_all.deb 12a525ce25cdc890b5201e806151306710c3b6944a99974aaece3f36cafbe261 7944 vitrage-graph_14.0.0-4+deb13u1_all.deb 331f2398cebeea48906c815ffee8aa52e0d87db97a52df93555c3bcc9cca84af 7968 vitrage-ml_14.0.0-4+deb13u1_all.deb c4887ca2e3d66b895ea14de3e9bf49f3ee52a85d9d45cd7e1779063d8eee53d2 7952 vitrage-notifier_14.0.0-4+deb13u1_all.deb 1f06149170516876c0e6eeaf2e9be28635650a59c114bcd29adf058cfe404b30 7956 vitrage-persistor_14.0.0-4+deb13u1_all.deb 8a1b8f71cf84832ec1039ded439a14b311d40e82152b91e322f2a09678bb66da 7972 vitrage-snmp-parsing_14.0.0-4+deb13u1_all.deb 6c6bad39350a24363a79865a663887bb57672e498ced370465f0cd3651035b74 19369 vitrage_14.0.0-4+deb13u1_all-buildd.buildinfo Files: f72790f8eee8f482e5c6e05524a103fc 261280 python optional python3-vitrage_14.0.0-4+deb13u1_all.deb fa3091550f791477e291a21f41061769 25032 net optional vitrage-api_14.0.0-4+deb13u1_all.deb b06b5a69b365059878996b9df0350f17 7960 net optional vitrage-collector_14.0.0-4+deb13u1_all.deb 9c1b376bf2735e7bb798cd4ea580031b 42088 net optional vitrage-common_14.0.0-4+deb13u1_all.deb ab4ae7bcfce8f40a2e30b047cb2e43aa 2245336 doc optional vitrage-doc_14.0.0-4+deb13u1_all.deb 6f9cec0ad820bde23bf302dd8daf4ea6 7944 net optional vitrage-graph_14.0.0-4+deb13u1_all.deb 65dfaecc4a44fbaa3eac1c383132af28 7968 net optional vitrage-ml_14.0.0-4+deb13u1_all.deb 8af0a7f6f55e60f5cfab21078736c31f 7952 net optional vitrage-notifier_14.0.0-4+deb13u1_all.deb 29092d4386e756015deb829913fdce7a 7956 net optional vitrage-persistor_14.0.0-4+deb13u1_all.deb 495f419555b5afe40e2d6d369ac3cedd 7972 net optional vitrage-snmp-parsing_14.0.0-4+deb13u1_all.deb 630cca929bab79e52cf284b32ca87bfd 19369 net optional vitrage_14.0.0-4+deb13u1_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE5ZI1lXv5WjhHIVjsN8Ugyu9dQiQFAmoxvUkACgkQN8Ugyu9d QiQBHQ//TmSx0dEpEFuxCyoFHJ8HrQCLBXeX96aiaDX9KMYaIbj9su5docM9WvD0 r8oQHfgbCTBlaKLzFPGqeL9CAdBXlefHs9uzLPW3nAudSq8nvJO0n09al68TXqjz 6kbrUp93p2Bjlpwb3FeO7um5KY5hyKvAaeTPHa7Ro5p5VCy/v1a90fd8JV5FcMa7 kUWJ8Kwb5BGTzvHYsRt7Blb27zLBKP/7y0YAQFmuZVngde2DjjqXwvRZGngDMqp/ bAhCWwlRmobH5oowC3RRuGDYX74Ohlmcx6j1hENUp2iyV38HDe0Rs3KbBuvH+kH3 8Sp79BR+VebH/zss3NdTkNMSsZwXPt11+gGoICCTkqBlJnJkldsGZAJmIhVzPxUu T8KfQ+Ci8nlfD0Tj3AmCqQHBcerKfcneGT8J3S1c4qJh5vFd9Kd2elU/eYapvgkX j4pVTwa8IQ68R0cdEXhqimSOWwVVqtQ9ABvq2sZ32/HUOVWjOCx2CKSXdnDgDQJh YcCW2WhzD46QC0xgmuxXSWKAXNHPfsYsNh/psekocscq4kaYeRDJMBM1h4W3mztB VYMCbm3tlpqg1GmGyOC8gSdpp7u49lIeL/bJuRda28CpJBDOklRlO7IVMkRpbNdz 8Mo5Uyd/GRXvAbRj/Vet7+brCXaMHRORKoZ29ctWFW6aUD1ZYm4= =E6/q -----END PGP SIGNATURE-----