[Git][security-tracker-team/security-tracker][master] Update status for CVE-2021-4472/{mistral-dashboard,python-mistralclient}

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Nov 28 20:35:07 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ed9f2387 by Salvatore Bonaccorso at 2025-11-28T21:34:22+01:00
Update status for CVE-2021-4472/{mistral-dashboard,python-mistralclient}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -411,7 +411,13 @@ CVE-2025-12571 (GitLab has remediated an issue in GitLab CE/EE affecting all ver
 CVE-2025-11461 (Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsa ...)
 	NOT-FOR-US: Frappe CRM
 CVE-2021-4472 (The mistral-dashboard plugin for openstack has a local file inclusion  ...)
-	NOT-FOR-US: mistral plugin
+	- mistral-dashboard 15.0.0~rc1-1
+	- python-mistralclient 1:4.3.0-2
+	NOTE: https://review.opendev.org/c/openstack/mistral-dashboard/+/800952
+	NOTE: Fixed by: https://opendev.org/openstack/mistral-dashboard/commit/8b876b0b22b365f24af1eb9eae01ad3d22cc1533 (15.0.0.0rc1)
+	NOTE: Fixed by: https://opendev.org/openstack/mistral-dashboard/commit/c077728bfa6001f0cb1ac22b0bacd74eb1967b04 (14.0.1)
+	NOTE: https://review.opendev.org/c/openstack/python-mistralclient/+/800950
+	NOTE: Fixed by: https://opendev.org/openstack/python-mistralclient/commit/ab54cb9ae576c2b29c7cd9a9628f3908aaa3e0ee (4.3.0)
 CVE-2025-9558 (There is a potential OOB Write vulnerability in the gen_prov_start fun ...)
 	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2025-9557 (An out-of-bound write can lead to an arbitrary code execution. Even on ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed9f2387dfd7150b4891b1c4daa8ec45cc351502

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed9f2387dfd7150b4891b1c4daa8ec45cc351502
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251128/15cc4339/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list