Control: clone -1 -2
Control: reassign -2 src:ironic 1:35.0.1-1
Control: retitle -2 ironic: CVE-2026-43003

Hi,

On Mon, May 04, 2026 at 06:57:52AM +0200, Salvatore Bonaccorso wrote:
> Source: ironic-python-agent
> Version: 11.5.0-2
> Severity: important
> Tags: security upstream
> Forwarded: https://bugs.launchpad.net/ironic-python-agent/+bug/2148310
> X-Debbugs-Cc: [email protected], Debian Security Team
> <[email protected]>
> Control: found -1 10.2.0-3
>
> Hi,
>
> The following vulnerability was published for ironic-python-agent.
>
> CVE-2026-43003[0]:
> | An issue was discovered in OpenStack ironic-python-agent 1.0.0
> | through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-
> | install from within a chroot of the deployed partition image,
> | leading to code execution in the case of a malicious image.

According to
https://www.openwall.com/lists/oss-security/2026/06/16/11 there is as
well a part in ironic to be addressed. So cloning this bug for the
src:ironic part purpose as well.

Regards,
Salvatore

