-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 09 Jun 2026 09:48:17 +0200
Source: vitrage
Architecture: source
Version: 14.0.0-4+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian OpenStack <team+openstack@tracker.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Closes: 1139452
Changes:
 vitrage (14.0.0-4+deb13u1) trixie; urgency=medium
 .
   * CVE-2026-28370 / OSSA-2026-003: Remote code execution through Vitrage query
     parser. Applied upstream patch "Replace eval with function matching".
     (Closes: #1139452)
Checksums-Sha1:
 92b3831a12bb8ef65bc40e000f7203b814081b90 3770 vitrage_14.0.0-4+deb13u1.dsc
 6e3dcde6ab3854a772548b8839cc09573d0f3dd1 1593284 vitrage_14.0.0.orig.tar.xz
 624cab7e7cb9cf592ca82c439326f891da55725f 9816 vitrage_14.0.0-4+deb13u1.debian.tar.xz
 1fdd6b06c3d684934b37c11ab0163ffc31b65293 19592 vitrage_14.0.0-4+deb13u1_amd64.buildinfo
Checksums-Sha256:
 3659dd3c97a945586b685cee86761004aa94e078d0b016794605558b492b379d 3770 vitrage_14.0.0-4+deb13u1.dsc
 8f999878f3af470823f40b481c94c7674d34f4c4c8c7df18f6c2d445da8d5344 1593284 vitrage_14.0.0.orig.tar.xz
 2bb2263f6dbe33b21156c1e73f82699cbc5d25749e807aacf8fa52817e52c195 9816 vitrage_14.0.0-4+deb13u1.debian.tar.xz
 88f6c4ff4782af79b4cb6062dea8e6a71831b548071b6c6d6f9b99d733b4ee31 19592 vitrage_14.0.0-4+deb13u1_amd64.buildinfo
Files:
 6e29742ea4a3e8bf9189fe8849c4151c 3770 net optional vitrage_14.0.0-4+deb13u1.dsc
 932ae0188ac1895e8669b16ce027f5d2 1593284 net optional vitrage_14.0.0.orig.tar.xz
 30f35282d707e8c5c30a31c4eb280a3a 9816 net optional vitrage_14.0.0-4+deb13u1.debian.tar.xz
 95c84579a9dcda1328a6923555913c8a 19592 net optional vitrage_14.0.0-4+deb13u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmovpdIACgkQ1BatFaxr
Q/6+AxAAnj7oEyK/j0KNJw0a/WEVtcj54CRIso6/8E++EQakzCUd+W6JkjG+B0Wo
dFVye9YppE6xRoRdUy9Z1A21o1JOOG5LwMfHG3Lb+Gp+/r/Q8ZaYsememK+GIbJp
wHhGhInMHS5+CIDZVcYR0MwhpcPmVogavb36H7TgwIzmmSQSDGjfj1ZM4TfJpOqN
yJ1+iprUpuZjVBeDL/TB2gXLFni3CixErdBmYiispqCn58NUEUZ/I8ODQWs4WR51
ftP8zZqww8MLwnYUwc9b7ealfhRck6tVL+h8EJMC8vj2S26rW1d+KU1E/oz4fxjW
FxW9lSdvSJzzWX2U8apnCA3oUEKsz/EyD0lXI14B4dxtbQYxlpgjyzph2LT9WbaX
xiYP7pOWJZdndzzTeWy02MwNMBpb2bw4jHSCp8VzWdQHFbRYMi9dxGX+vdVdbJyh
/3wZO1h9XhgW8Uro4qEehZNCqeZWJhoVtw2U4lzpuASAWmzTgRo4j1bLvGBJ5xSV
O6vArQPUqwtpi45cu12mEcEzMH0ryaHmcGDN/KYdBwtYA8CeuVUnIvGB2UG0PZme
f7jlAIfEImyOk/+jT6GerdLKnYoiM06ytwehFpmge+x8YETR5Gvdv3w50hWSffTK
HSdhU/WpSnc3ePlGkJsQTGFvECLqZjXiBOWUII21zuwem1PIliE=
=q/Vs
-----END PGP SIGNATURE-----