Debian Patches
Status for mistral/20.0.0-2+deb13u1
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| install-missing-files.patch | Install missing files | Thomas Goirand <zigo@debian.org> | not-needed | 2018-02-25 | ||
| cve-2026-41283-stable-2025.1.patch | [PATCH 1/8] Restrict publicize policies to admin only The publicize policy for workflows, actions, and event triggers was using admin_or_owner which allowed any project member to make resources public. This changes all publicize policies to admin_only. Also adds missing publicize enforcement on event triggers (update), and introduces a consistent event_triggers:publicize policy replacing the former event_triggers:create:public. |
Arnaud Morin <arnaud.morin@gmail.com> | no | 2026-03-30 | ||
| OSSN-0098_Strip_sensitive_info_from_workflow_execution_context.patch | [PATCH] Strip sensitive info from workflow execution context Remove the Keystone auth_token and service_catalog from the openstack data stored in the workflow execution context. This prevents the token from being persisted in the database, exposed to workflow authors via $.openstack.auth_token YAQL expressions, and leaked in error log messages. . Actions are not affected as they receive their token through the RPC context. =================================================================== |
Arnaud Morin <arnaud.morin@gmail.com> | yes | debian upstream | upstream, https://review.opendev.org/c/openstack/mistral/+/991391 | 2026-06-05 |
All known versions for source package 'mistral'
- 22.0.0-1 (sid, forky)
- 20.0.0-2+deb13u1 (trixie, trixie-security)
- 15.0.0-1+deb12u1 (bookworm, bookworm-security)
