Package "mistral"

  mistral (18.0.1-0ubuntu1.1) noble-security; urgency=medium

  * SECURITY UPDATE: unauthorized resource publication via overly permissive
    publicize policies in workflows, actions, event triggers, code sources,
    dynamic actions, workbooks, cron triggers, and environments.
    - debian/patches/CVE-2026-41283-1.patch: restrict publicize policies to
      admin_only for workflows, actions and event triggers.
    - debian/patches/CVE-2026-41283-2.patch: clean up unnecessary
      expect_errors=True in policy tests.
    - debian/patches/CVE-2026-41283-3.patch: add code_sources:publicize
      policy (admin_only) and enforce on create/update.
    - debian/patches/CVE-2026-41283-4.patch: restrict code_sources and
      dynamic_actions operations to admin_only.
    - debian/patches/CVE-2026-41283-5.patch: add dynamic_actions:publicize
      policy (admin_only) and enforce on create/update.
    - debian/patches/CVE-2026-41283-6.patch: add workbooks:publicize policy
      (admin_only) and enforce on create/update.
    - debian/patches/CVE-2026-41283-7.patch: add cron_triggers:publicize
      policy (admin_only) and enforce on create.
    - debian/patches/CVE-2026-41283-8.patch: add environments:publicize
      policy (admin_only) and enforce on create/update.
    - CVE-2026-41283

 -- Federico Quattrin <email address hidden> Tue, 09 Jun 2026 16:28:39 -0300