Version 11.5.0-2 of ironic-python-agent is marked for autoremoval from testing on Mon 25 May 2026. It depends (transitively) on ipmitool, starlette, affected by #1130533, #1134850. You should try to prevent the removal by fixing these RC bugs.
CVE-2026-43003:
An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading to code execution in the case of a malicious image.
CVE-2026-43003:
An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading to code execution in the case of a malicious image.
CVE-2026-43003:
An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading to code execution in the case of a malicious image.
Among the 1 debian patch
available in version 11.5.0-2 of the package,
we noticed the following issues:
1 patch
where the metadata indicates that the patch has not yet been forwarded
upstream. You should either forward the patch upstream or update the
metadata to document its real status.
Standards version of the package is outdated.
wishlist
The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.7.4 instead of
4.6.1).
![[bug history graph]](https://qa.debian.org/data/bts/graphs/i/ironic-python-agent.png){kind=link}