[Git][security-tracker-team/security-tracker][master] ironic, neutron DSAs

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
157132fe by Moritz Mühlenhoff at 2026-06-11T20:18:06+02:00
ironic,neutron DSAs

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5921,6 +5921,8 @@ CVE-2026-XXXX [Mistral workflow execution context exposes Keystone auth token]
 	NOTE: https://launchpad.net/bugs/2146554
 CVE-2026-44393 (An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3 ...)
 	- python-oslo.messaging <unfixed> (bug #1138848)
+	[trixie] - python-oslo.messaging 16.1.0-3+deb13u1
+	[bookworm] - python-oslo.messaging 14.0.3-0+deb12u1
 	NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0096
 	NOTE: https://launchpad.net/bugs/2150316
 CVE-2026-XXXX [Horizon RC file generation does not escape special characters in project]
@@ -18719,8 +18721,6 @@ CVE-2026-45028 (Astro is a web framework. Astro versions prior to 6.1.10 used AE
 	NOT-FOR-US: Astro
 CVE-2026-44919 (In OpenStack Ironic through 35.x before a3f6d73, during image handling ...)
 	- ironic 1:35.0.1-3 (bug #1136655)
-	[trixie] - ironic <no-dsa> (Minor issue)
-	[bookworm] - ironic <no-dsa> (Minor issue)
 	[bullseye] - ironic <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/ironic/+bug/2150332
 	NOTE: https://opendev.org/openstack/ironic/commit/a3f6d735ac3642ab95b49142c7305f072ae748d0
@@ -23686,8 +23686,6 @@ CVE-2026-4935 (The OttoKit: All-in-One Automation Platform WordPress plugin befo
 	NOT-FOR-US: WordPress plugin
 CVE-2026-44916 (In OpenStack Ironic before 35.0.2 (in a certain non-default configurat ...)
 	- ironic 1:35.0.1-2 (bug #1136005)
-	[trixie] - ironic <no-dsa> (Minor issue)
-	[bookworm] - ironic <no-dsa> (Minor issue)
 	[bullseye] - ironic <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/ironic/+bug/2148307
 	NOTE: https://review.opendev.org/c/openstack/ironic/+/987514
@@ -26625,8 +26623,6 @@ CVE-2026-43002 (An issue was discovered in OpenStack Horizon 25.6 and 25.7 befor
 	NOTE: https://bugs.launchpad.net/horizon/+bug/2150331
 CVE-2026-42997 (An issue was discovered in idrac in OpenStack Ironic before 35.0.1. Du ...)
 	- ironic 1:35.0.1-1 (bug #1135811)
-	[trixie] - ironic <no-dsa> (Minor issue; can be fixed via point release)
-	[bookworm] - ironic <no-dsa> (Minor issue; can be fixed via point release)
 	[bullseye] - ironic <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/ironic/+bug/2148317
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/05/10
@@ -243412,7 +243408,6 @@ CVE-2024-20439 (A vulnerability in Cisco Smart Licensing Utility (CSLU) could al
 	NOT-FOR-US: Cisco
 CVE-2024-44082 (In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13. ...)
 	- ironic 1:26.1.0-1
-	[bookworm] - ironic <no-dsa> (Minor issue)
 	[bullseye] - ironic <postponed> (Minor issue; can be fixed in next update)
 	- ironic-python-agent 9.14.0-1
 	NOTE: https://www.openwall.com/lists/oss-security/2024/09/04/4


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,10 @@
+[11 Jun 2026] DSA-6341-1 ironic - security update
+	{CVE-2024-44082 CVE-2026-42997 CVE-2026-44916 CVE-2026-44917 CVE-2026-44919 CVE-2026-46447 CVE-2026-48681}
+	[bookworm] - ironic 1:21.4.4-0+deb12u1
+	[trixie] - ironic 1:29.0.5-0+deb13u2
+[11 Jun 2026] DSA-6340-1 neutron - security update
+	{CVE-2026-50266}
+	[trixie] - neutron 2:26.0.3-0+deb13u2
 [11 Jun 2026] DSA-6339-1 libinput - security update
 	{CVE-2026-50292}
 	[bookworm] - libinput 1.22.1-1+deb12u1


=====================================
data/dsa-needed.txt
=====================================
@@ -40,8 +40,6 @@ gst-plugins-good1.0/oldstable (jmm)
 --
 inkscape/oldstable
 --
-ironic (jmm)
---
 isc-kea/oldstable
 --
 jetty9
@@ -69,8 +67,6 @@ mimetex/oldstable
 --
 netty
 --
-neutron/stable (jmm)
---
 nss/oldstable
 --
 opennds/oldstable



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/157132fe4f79d6c1e74acdeef72edc9f53741ca7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/157132fe4f79d6c1e74acdeef72edc9f53741ca7
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260611/bcc3d493/attachment-0001.htm>