-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 09 Jun 2026 09:48:17 +0200
Source: vitrage
Binary: python3-vitrage vitrage-api vitrage-collector vitrage-common vitrage-doc vitrage-graph vitrage-ml vitrage-notifier vitrage-persistor vitrage-snmp-parsing
Architecture: all
Version: 14.0.0-4+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) <buildd_amd64-x86-grnet-03@buildd.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description:
 python3-vitrage - OpenStack RCA as a Service - Python libs
 vitrage-api - OpenStack RCA as a Service - API server
 vitrage-collector - OpenStack RCA as a Service - Collector service
 vitrage-common - OpenStack RCA as a Service - metapackage
 vitrage-doc - OpenStack RCA as a Service - documentation
 vitrage-graph - OpenStack RCA as a Service - Graph service
 vitrage-ml - OpenStack RCA as a Service - Machine Learning Service
 vitrage-notifier - OpenStack RCA as a Service - Notifier Service
 vitrage-persistor - OpenStack RCA as a Service - Persistor Service
 vitrage-snmp-parsing - OpenStack RCA as a Service - SNMP Parsing Service
Closes: 1139452
Changes:
 vitrage (14.0.0-4+deb13u1) trixie; urgency=medium
 .
   * CVE-2026-28370 / OSSA-2026-003: Remote code execution through Vitrage query
     parser. Applied upstream patch "Replace eval with function matching".
     (Closes: #1139452)
Checksums-Sha1:
 bd19764f3fedd65346bcab1d4fbec931d23a4d3a 261280 python3-vitrage_14.0.0-4+deb13u1_all.deb
 0ecc2d00e540550976ed65a8cc00094745606943 25032 vitrage-api_14.0.0-4+deb13u1_all.deb
 5faa63a6c594a02e839ffeea0701fc0b32fcedcb 7960 vitrage-collector_14.0.0-4+deb13u1_all.deb
 de2c42f0391dfe88a04ee5db57fd7484457c006c 42088 vitrage-common_14.0.0-4+deb13u1_all.deb
 61fb1149bbf60540e3278442b5cd643d09da64ca 2245336 vitrage-doc_14.0.0-4+deb13u1_all.deb
 3be772b58b4025b7dc03a3fdbb98a44166463b25 7944 vitrage-graph_14.0.0-4+deb13u1_all.deb
 033e635efd194c1684f744c13cb1f476c615bb89 7968 vitrage-ml_14.0.0-4+deb13u1_all.deb
 ae2f161b45cad070c503d1cc1847b88aa461dd50 7952 vitrage-notifier_14.0.0-4+deb13u1_all.deb
 7812a6f0065de011fd0da46557f8292e6478af69 7956 vitrage-persistor_14.0.0-4+deb13u1_all.deb
 91bc1d38229ddae6a9f09194d0fc019abcf9cefa 7972 vitrage-snmp-parsing_14.0.0-4+deb13u1_all.deb
 9d0b37fe8fad611e973eaeda4f4f2b31574132cf 19369 vitrage_14.0.0-4+deb13u1_all-buildd.buildinfo
Checksums-Sha256:
 50f4d325eee2a466f0e52978d4db12dc9fb94721ca60d7cfd8339e18d5c1336d 261280 python3-vitrage_14.0.0-4+deb13u1_all.deb
 1e123caefe596891e9c2b817d02fb56f188d064533106c2c6bc524300e45e931 25032 vitrage-api_14.0.0-4+deb13u1_all.deb
 5d0bb3ea23b635ed0c7b70fa82e8c3c9118dc7b0e74d129a8016558bfe1436c4 7960 vitrage-collector_14.0.0-4+deb13u1_all.deb
 8cf63fc55e356224482bf21e40cd2311868730d06c08ce866da3b3447c4edd40 42088 vitrage-common_14.0.0-4+deb13u1_all.deb
 1ef8a98f291cb054b076e2cfa1c4cb0eed4fe3db9cc03a5b1a84ee4b4479a321 2245336 vitrage-doc_14.0.0-4+deb13u1_all.deb
 12a525ce25cdc890b5201e806151306710c3b6944a99974aaece3f36cafbe261 7944 vitrage-graph_14.0.0-4+deb13u1_all.deb
 331f2398cebeea48906c815ffee8aa52e0d87db97a52df93555c3bcc9cca84af 7968 vitrage-ml_14.0.0-4+deb13u1_all.deb
 c4887ca2e3d66b895ea14de3e9bf49f3ee52a85d9d45cd7e1779063d8eee53d2 7952 vitrage-notifier_14.0.0-4+deb13u1_all.deb
 1f06149170516876c0e6eeaf2e9be28635650a59c114bcd29adf058cfe404b30 7956 vitrage-persistor_14.0.0-4+deb13u1_all.deb
 8a1b8f71cf84832ec1039ded439a14b311d40e82152b91e322f2a09678bb66da 7972 vitrage-snmp-parsing_14.0.0-4+deb13u1_all.deb
 6c6bad39350a24363a79865a663887bb57672e498ced370465f0cd3651035b74 19369 vitrage_14.0.0-4+deb13u1_all-buildd.buildinfo
Files:
 f72790f8eee8f482e5c6e05524a103fc 261280 python optional python3-vitrage_14.0.0-4+deb13u1_all.deb
 fa3091550f791477e291a21f41061769 25032 net optional vitrage-api_14.0.0-4+deb13u1_all.deb
 b06b5a69b365059878996b9df0350f17 7960 net optional vitrage-collector_14.0.0-4+deb13u1_all.deb
 9c1b376bf2735e7bb798cd4ea580031b 42088 net optional vitrage-common_14.0.0-4+deb13u1_all.deb
 ab4ae7bcfce8f40a2e30b047cb2e43aa 2245336 doc optional vitrage-doc_14.0.0-4+deb13u1_all.deb
 6f9cec0ad820bde23bf302dd8daf4ea6 7944 net optional vitrage-graph_14.0.0-4+deb13u1_all.deb
 65dfaecc4a44fbaa3eac1c383132af28 7968 net optional vitrage-ml_14.0.0-4+deb13u1_all.deb
 8af0a7f6f55e60f5cfab21078736c31f 7952 net optional vitrage-notifier_14.0.0-4+deb13u1_all.deb
 29092d4386e756015deb829913fdce7a 7956 net optional vitrage-persistor_14.0.0-4+deb13u1_all.deb
 495f419555b5afe40e2d6d369ac3cedd 7972 net optional vitrage-snmp-parsing_14.0.0-4+deb13u1_all.deb
 630cca929bab79e52cf284b32ca87bfd 19369 net optional vitrage_14.0.0-4+deb13u1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE5ZI1lXv5WjhHIVjsN8Ugyu9dQiQFAmoxvUkACgkQN8Ugyu9d
QiQBHQ//TmSx0dEpEFuxCyoFHJ8HrQCLBXeX96aiaDX9KMYaIbj9su5docM9WvD0
r8oQHfgbCTBlaKLzFPGqeL9CAdBXlefHs9uzLPW3nAudSq8nvJO0n09al68TXqjz
6kbrUp93p2Bjlpwb3FeO7um5KY5hyKvAaeTPHa7Ro5p5VCy/v1a90fd8JV5FcMa7
kUWJ8Kwb5BGTzvHYsRt7Blb27zLBKP/7y0YAQFmuZVngde2DjjqXwvRZGngDMqp/
bAhCWwlRmobH5oowC3RRuGDYX74Ohlmcx6j1hENUp2iyV38HDe0Rs3KbBuvH+kH3
8Sp79BR+VebH/zss3NdTkNMSsZwXPt11+gGoICCTkqBlJnJkldsGZAJmIhVzPxUu
T8KfQ+Ci8nlfD0Tj3AmCqQHBcerKfcneGT8J3S1c4qJh5vFd9Kd2elU/eYapvgkX
j4pVTwa8IQ68R0cdEXhqimSOWwVVqtQ9ABvq2sZ32/HUOVWjOCx2CKSXdnDgDQJh
YcCW2WhzD46QC0xgmuxXSWKAXNHPfsYsNh/psekocscq4kaYeRDJMBM1h4W3mztB
VYMCbm3tlpqg1GmGyOC8gSdpp7u49lIeL/bJuRda28CpJBDOklRlO7IVMkRpbNdz
8Mo5Uyd/GRXvAbRj/Vet7+brCXaMHRORKoZ29ctWFW6aUD1ZYm4=
=E6/q
-----END PGP SIGNATURE-----
