[ubuntu/questing-updates] mistral 21.0.0-0ubuntu1.1 (Accepted)

[Ubuntu Archive Robot]

mistral (21.0.0-0ubuntu1.1) questing-security; urgency=high

  [ Myles Penner ]
  * d/gbp.conf: Create stable/2025.2 branch.
  * d/gbp.conf, .launchpad.yaml: Sync from cloud-archive-tools for
    flamingo.

  [ Ubuntu Developers ]
  * SECURITY UPDATE: overly permissive publicize policies allow non-admin
    users to make resources public
    - d/p/cve-2026-41283-restrict-publicize-policies-admin-only.patch:
      Restrict publicize policies to admin only for actions, workflows,
      and event triggers.
    - d/p/cve-2026-41283-remove-expect-errors-policy-tests.patch:
      Update policy tests to remove expect_errors from admin-only calls.
    - d/p/cve-2026-41283-add-code-sources-publicize-policy.patch:
      Add publicize policy for code sources resource.
    - d/p/cve-2026-41283-restrict-code-sources-dynamic-actions.patch:
      Restrict code sources and dynamic actions to admin only.
    - d/p/cve-2026-41283-add-dynamic-actions-publicize-policy.patch:
      Add publicize policy for dynamic actions resource.
    - d/p/cve-2026-41283-add-workbooks-publicize-policy.patch:
      Add publicize policy for workbooks resource.
    - d/p/cve-2026-41283-add-cron-triggers-publicize-policy.patch:
      Add publicize policy for cron triggers resource.
    - d/p/cve-2026-41283-add-environments-publicize-policy.patch:
      Add publicize policy for environments resource.
    - CVE-2026-41283

Date: 2026-06-09 14:55:15.282434+00:00
Changed-By: Hemanth Nakkina <hemanth.nakkina at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/mistral/21.0.0-0ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.