-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 08 Jun 2026 22:00:22 +0200 Source: vitrage Binary: python3-vitrage vitrage-api vitrage-collector vitrage-common vitrage-doc vitrage-graph vitrage-ml vitrage-notifier vitrage-persistor vitrage-snmp-parsing Architecture: all Version: 9.0.0-3.1+deb12u1 Distribution: bookworm Urgency: medium Maintainer: all Build Daemon (x86-csail-02) Changed-By: Thomas Goirand Description: python3-vitrage - OpenStack RCA as a Service - Python libs vitrage-api - OpenStack RCA as a Service - API server vitrage-collector - OpenStack RCA as a Service - Collector service vitrage-common - OpenStack RCA as a Service - metapackage vitrage-doc - OpenStack RCA as a Service - documentation vitrage-graph - OpenStack RCA as a Service - Graph service vitrage-ml - OpenStack RCA as a Service - Machine Learning Service vitrage-notifier - OpenStack RCA as a Service - Notifier Service vitrage-persistor - OpenStack RCA as a Service - Persistor Service vitrage-snmp-parsing - OpenStack RCA as a Service - SNMP Parsing Service Closes: 1139452 Changes: vitrage (9.0.0-3.1+deb12u1) bookworm; urgency=medium . * CVE-2026-28370 / OSSA-2026-003: Remote code execution through Vitrage query parser. Applied upstream patch: Replace eval with function matching. (Closes: #1139452) Checksums-Sha1: 6539c67e90de0268ab5e0ab023310231ec0fdf89 262432 python3-vitrage_9.0.0-3.1+deb12u1_all.deb 996fcd42badf5e55907ff940283768b28c3a8cb1 22672 vitrage-api_9.0.0-3.1+deb12u1_all.deb 2259c65187da51635ba1cfee585307b1a756ff81 6860 vitrage-collector_9.0.0-3.1+deb12u1_all.deb df3681b65db25e608f1cb8956da6ef934d99c575 40124 vitrage-common_9.0.0-3.1+deb12u1_all.deb 4b6bdfaed0b81745a83390bcbd96da67eb1662cf 2233912 vitrage-doc_9.0.0-3.1+deb12u1_all.deb 4a3f8d71e6182745b017ee2318b1828f573a1c33 6844 vitrage-graph_9.0.0-3.1+deb12u1_all.deb af470bdf7c408464dd5290184cd7cda04af2a01a 6872 vitrage-ml_9.0.0-3.1+deb12u1_all.deb d43aa2e842f276511e4ba1f8033b1fc2f7680fb2 6856 vitrage-notifier_9.0.0-3.1+deb12u1_all.deb 141e7a7eb136e28ba5838b85160e2dd76a546b36 6860 vitrage-persistor_9.0.0-3.1+deb12u1_all.deb dd20db9f3c9e09dab39e74ca8734f9b80e330cfc 6876 vitrage-snmp-parsing_9.0.0-3.1+deb12u1_all.deb 8f001f3db51c68c8c8fefc9d7d9f42e48d9e794c 19682 vitrage_9.0.0-3.1+deb12u1_all-buildd.buildinfo Checksums-Sha256: 60e14418d6db4bff416f2eaac2c6bb2100070ad0b536c0532caf255c8d50f24e 262432 python3-vitrage_9.0.0-3.1+deb12u1_all.deb b7d34e55621dff0d50ce8486645364a54b0e8c45a563943090de10a946840953 22672 vitrage-api_9.0.0-3.1+deb12u1_all.deb b0755fbfd260013db357250b60839800cc7a8a717781de58c35f95ae4fb7b337 6860 vitrage-collector_9.0.0-3.1+deb12u1_all.deb 8eefa9235b5b71985fcf817333a5adbd52610cd2f4ce08e350140e8db3230e56 40124 vitrage-common_9.0.0-3.1+deb12u1_all.deb feb47ca1ceb33215336f3f89851e91de7c66e62c4adbeba27e115ee9aaea95cb 2233912 vitrage-doc_9.0.0-3.1+deb12u1_all.deb 672045af5804033620fbd4e0fcb9f230dbc903abd6793e2ab2e39e10b7f73fb3 6844 vitrage-graph_9.0.0-3.1+deb12u1_all.deb 126f6f841fa127674cfc9ed0a4280f275d4cdbad0b1a2d6cd4b48d7418fe3462 6872 vitrage-ml_9.0.0-3.1+deb12u1_all.deb f501f08168dd3c28431a8e640c9a8e1eab9f6e1e89b819101500f9ccf73ca7ed 6856 vitrage-notifier_9.0.0-3.1+deb12u1_all.deb 9e1305e0ba760aec8bdf73caed8471b30ff33a7a9bdea2955b7154a0e1d67d4a 6860 vitrage-persistor_9.0.0-3.1+deb12u1_all.deb 1a7301c36690ddc3dac74c95ad068ae332ea8ab91267f319e57dd62145e1c881 6876 vitrage-snmp-parsing_9.0.0-3.1+deb12u1_all.deb 9a5c5b30aea2e64c172fa90330b9e2ba1aedb370c3aeec458a0bfe3218ba7e93 19682 vitrage_9.0.0-3.1+deb12u1_all-buildd.buildinfo Files: c0ce474c0dab09c118923e5c3a7d73ff 262432 python optional python3-vitrage_9.0.0-3.1+deb12u1_all.deb 72693712789a35d440bcb0109b087440 22672 net optional vitrage-api_9.0.0-3.1+deb12u1_all.deb 989ef671ee9aab2f891acf36132983fc 6860 net optional vitrage-collector_9.0.0-3.1+deb12u1_all.deb 7ae26db324a02c055b5f1a43c8656972 40124 net optional vitrage-common_9.0.0-3.1+deb12u1_all.deb a43d9f7f2d5c0eff7b263256f573f975 2233912 doc optional vitrage-doc_9.0.0-3.1+deb12u1_all.deb 4e8ce789950f9a8d29b2c3e1fae134b0 6844 net optional vitrage-graph_9.0.0-3.1+deb12u1_all.deb 56afde8e4b5d5b8568c34ed571817984 6872 net optional vitrage-ml_9.0.0-3.1+deb12u1_all.deb 806a4b6c51210033c7b327adddb9351e 6856 net optional vitrage-notifier_9.0.0-3.1+deb12u1_all.deb 589bd261cf2fbf44cdb54559efa0b6fc 6860 net optional vitrage-persistor_9.0.0-3.1+deb12u1_all.deb 7ab41c2a05c370177d9babf6da16a939 6876 net optional vitrage-snmp-parsing_9.0.0-3.1+deb12u1_all.deb 6d74bae76bfada31843455b8ac5c9833 19682 net optional vitrage_9.0.0-3.1+deb12u1_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXLxUpUHQBQBTDtd4aBVi67oXtfkFAmoxu3QACgkQaBVi67oX tfnDAQ/+Nin6uNoPN86tsKUXFNCCCz0JqnZyONH67OZpIsqMqY/3LGY8rQ2IwoB9 DIPCxa/338WGCZbwL0zsh9mzmAKaw+SLG4BWCi41TGtMz/uefmQuRJwNsWmZhy4L sFhKUVd2sJZdx/QFPPbzm2ZRfnPD3SB6vKYiB6ntsZnrOf6ez5sYYkrSNE/2nw+N cXQ9drzUtEXQqpYqALD+OOpUseFRl0cYvnOS7lh1wIg7DhxuQpyU6o3MQWsVbnP0 qdB8p/nJ3Y6NTaej/PBAKITS51a2WxoF7ElmkX65Z3bmpLxDWsxNqBZDuQmlwi7T Kc6HMc0hu1nKhKI3LxUkLte6GgI58xfGfpK54Uo2c/uWBSOIrLyJm4S2q+Otk3Ij UQnwluromJ7IJmzYry23U8AMTkHU+JPddFxseDgyPnIw7nYqfBiJteKEN5WRjYDx 12vRDED3+nCy6Nr/XlOXCR1pxalz5+Vb0BTz4iGGbE3GM7i6bUzTNOJ3T7lxixGJ CohTp/zuZvVhVAhgGB/Ym6Qlu2ZfV22NS0lM/ZVXA6M/Ik9lKFNPlDTrCYaGOMZf 7pgJMw0EFn1LLyHMC34j/EsyxOaBPQRfh/btsHpy2J839hxzxy4EfsqkY9ilu7Nr 7UysfHnfo6cf/V0dt2Q69qZfANoGwXESx1Tu3YX4z+9aDzMOcSU= =Y6XI -----END PGP SIGNATURE-----