Your message dated Thu, 18 Jun 2026 13:34:32 +0000
with message-id <[email protected]>
and subject line Bug#1135646: fixed in ironic-python-agent 11.5.0-3
has caused the Debian Bug report #1135646,
regarding ironic-python-agent: CVE-2026-43003
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1135646: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135646
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ironic-python-agent
Version: 11.5.0-2
Severity: important
Tags: security upstream
Forwarded: https://bugs.launchpad.net/ironic-python-agent/+bug/2148310
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 10.2.0-3

Hi,

The following vulnerability was published for ironic-python-agent.

CVE-2026-43003[0]:
| An issue was discovered in OpenStack ironic-python-agent 1.0.0
| through 11.5.0. Ironic Python Agent (IPA) sometimes executes
| grub-install from within a chroot of the deployed partition image,
| leading to code execution in the case of a malicious image.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-43003
    https://www.cve.org/CVERecord?id=CVE-2026-43003
[1] https://bugs.launchpad.net/ironic-python-agent/+bug/2148310

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ironic-python-agent
Source-Version: 11.5.0-3
Done: Thomas Goirand <[email protected]>

We believe that the bug you reported is fixed in the latest version of
ironic-python-agent, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated ironic-python-agent package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 01 Jun 2026 13:21:49 +0200
Source: ironic-python-agent
Architecture: source
Version: 11.5.0-3
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Closes: 1135646
Changes:
 ironic-python-agent (11.5.0-3) unstable; urgency=medium
 .
   * CVE-2026-43003: Command injection via chroot execution of tenant-controlled
     binaries. Applied upstream patch: "Add a flag to disable installing
     bootloaders" (Closes: #1135646).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


--- End Message ---
