[Git][security-tracker-team/security-tracker][master] Track new openstack related issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 4 17:31:01 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b57c776e by Salvatore Bonaccorso at 2026-06-04T18:30:17+02:00
Track new openstack related issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -237,20 +237,37 @@ CVE-2026-3276 (unicodedata.normalize() can take excessive CPU time when processi
NOTE: https://github.com/python/cpython/commit/c5512bd7c1dc28055660565275012766941d3066 (v3.15.0b2)
NOTE: https://github.com/python/cpython/commit/6b505d1f41f8f3ea0fe5a4786d3a8fff1875cfc0 (3.14 branch)
NOTE: https://github.com/python/cpython/commit/ba785b88add96acbf403d65cb157fb2743a33a32 (3.13 branch)
+CVE-2026-XXXX [Mistral workflow execution context exposes Keystone auth token]
+ - mistral <unfixed> (bug #1138849)
+ NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0098
+ NOTE: https://launchpad.net/bugs/2146554
+CVE-2026-44393
+ - python-oslo.messaging <unfixed> (bug #1138848)
+ NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0096
+ NOTE: https://launchpad.net/bugs/2150316
+CVE-2026-XXXX [Horizon RC file generation does not escape special characters in project]
+ - horizon <unfixed> (bug #1138845)
+ NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0097
+ NOTE: https://launchpad.net/bugs/2152240
+CVE-2026-XXXX [Neutron port RBAC policy bypass allows project managers to set trusted device owners on shared networks]
+ - neutron <unfixed> (bug #1138844)
+ NOTE: https://www.openwall.com/lists/oss-security/2026/06/04/6
+ NOTE: https://security.openstack.org/ossa/OSSA-2026-021.html
+ NOTE: https://launchpad.net/bugs/2152115
CVE-2026-41283
- - mistral <unfixed>
+ - mistral <unfixed> (bug #1138843)
NOTE: https://www.openwall.com/lists/oss-security/2026/06/03/14
NOTE: https://launchpad.net/bugs/2147178
CVE-2026-44917
- - ironic <unfixed>
+ - ironic <unfixed> (bug #1138842)
NOTE: https://www.openwall.com/lists/oss-security/2026/06/03/13
NOTE: https://bugs.launchpad.net/ironic/+bug/2148319
CVE-2026-48681
- - ironic <unfixed>
+ - ironic <unfixed> (bug #1138842)
NOTE: https://www.openwall.com/lists/oss-security/2026/06/03/12
NOTE: https://bugs.launchpad.net/ironic/+bug/2148333
CVE-2026-46447
- - ironic <unfixed>
+ - ironic <unfixed> (bug #1138842)
NOTE: https://www.openwall.com/lists/oss-security/2026/06/03/11
NOTE: https://bugs.launchpad.net/ironic/+bug/2150624
CVE-2026-46273 (In the Linux kernel, the following vulnerability has been resolved: i ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b57c776e54fe45459550b562ec97b28ff635cd1a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b57c776e54fe45459550b562ec97b28ff635cd1a
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260604/3760bde2/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list