Control: tag -1 pending

Hello,

Bug #1138842 in ironic reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/openstack-team/services/ironic/-/commit/b18282faabc957991fda9d4831828a30d659f747

------------------------------------------------------------------------
  * CVE-2026-44917: Ironic does not validate the location of
    node.driver_info[pxe_template], allowing a user who can set it to expose
    arbitrary files on an internal Ironic network, such as the servicing,
    provisioning, or cleaning networks.
    Applied upstream patch:
    - CVE-2026-44917_disable-driver_info-level-pxe_template-override.patch
  * CVE-2026-46447: A user with access to add or modify node.driver_info or
    node.instance_info can create a crafted value to enable iPXE script
    execution during the boot process.
    Applied upstream patch:
    - CVE-2026-46447_Sanitize-kernel_append_parms.patch
  * CVE-2026-48681: A maliciously crafted ISO image can cause Ironic to
    perform path traversal and overwrite files on a conductor's disk.
    Applied upstream patch:
    - CVE-2026-48681-directory_transversal_ISO9660_support.patch
    (Closes: #1138842)
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1138842

