Register | Log in

vitrage

Choose email to subscribe with

general

source: vitrage (main)
version: 14.0.0-4+deb13u1
maintainer: Debian OpenStack (DMD)
uploaders: Thomas Goirand [DMD] – Michal Arbet [DMD]
arch: all
std-ver: 4.5.0
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 7.3.0-2
oldstable: 9.0.0-3.1
old-p-u: 9.0.0-3.1+deb12u1
stable: 14.0.0-4
stable-p-u: 14.0.0-4+deb13u1

versioned links

7.3.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
9.0.0-3.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
9.0.0-3.1+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
14.0.0-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
14.0.0-4+deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

python3-vitrage
vitrage-api
vitrage-collector
vitrage-common
vitrage-doc
vitrage-graph
vitrage-ml
vitrage-notifier
vitrage-persistor
vitrage-snmp-parsing

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2026-28370: In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise of the Vitrage service. All deployments exposing the Vitrage API are affected. This occurs in _create_query_function in vitrage/graph/query.py.

Created: 2026-02-27 Last update: 2026-06-10 18:47

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2026-28370: (needs triaging) In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise of the Vitrage service. All deployments exposing the Vitrage API are affected. This occurs in _create_query_function in vitrage/graph/query.py.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-02-27 Last update: 2026-06-10 18:47

news

[2026-06-16] Accepted vitrage 14.0.0-4+deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Thomas Goirand)
[2026-06-16] Accepted vitrage 9.0.0-3.1+deb12u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Thomas Goirand)
[2026-04-21] vitrage REMOVED from testing (Debian testing watch)
[2026-04-20] Removed 15.0.1-2 from unstable (Debian FTP Masters)
[2025-12-11] vitrage 15.0.1-2 MIGRATED to testing (Debian testing watch)
[2025-12-07] Accepted vitrage 15.0.1-2 (source) into unstable (Thomas Goirand)
[2025-11-20] vitrage 15.0.1-1 MIGRATED to testing (Debian testing watch)
[2025-10-20] Accepted vitrage 15.0.1-1 (source) into unstable (Thomas Goirand)
[2025-10-01] Accepted vitrage 15.0.0-1 (source) into unstable (Thomas Goirand)
[2025-09-30] Accepted vitrage 15.0.0~rc1-2 (source) into unstable (Thomas Goirand)
[2025-09-16] Accepted vitrage 15.0.0~rc1-1 (source) into experimental (Thomas Goirand)
[2025-07-23] vitrage 14.0.0-4 MIGRATED to testing (Debian testing watch)
[2025-07-11] Accepted vitrage 14.0.0-4 (source) into unstable (Thomas Goirand)
[2025-04-12] vitrage 14.0.0-3 MIGRATED to testing (Debian testing watch)
[2025-04-10] Accepted vitrage 14.0.0-3 (source) into unstable (Thomas Goirand)
[2025-04-10] Accepted vitrage 14.0.0-2 (source) into unstable (Thomas Goirand)
[2025-04-02] Accepted vitrage 14.0.0-1 (source) into unstable (Thomas Goirand)
[2025-03-28] Accepted vitrage 14.0.0~rc1-2 (source) into unstable (Thomas Goirand)
[2025-03-25] Accepted vitrage 14.0.0~rc1-1 (source) into experimental (Thomas Goirand)
[2025-03-25] Accepted vitrage 13.0.0-6 (source) into unstable (Thomas Goirand)
[2024-12-27] Accepted vitrage 13.0.0-5 (source) into unstable (Thomas Goirand)
[2024-12-21] Accepted vitrage 13.0.0-4 (source) into unstable (Thomas Goirand)
[2024-12-20] Accepted vitrage 13.0.0-3 (source) into unstable (Thomas Goirand)
[2024-12-18] Accepted vitrage 13.0.0-2 (source) into unstable (Thomas Goirand)
[2024-10-02] Accepted vitrage 13.0.0-1 (source) into unstable (Thomas Goirand)
[2024-09-20] Accepted vitrage 13.0.0~rc1-2 (source) into unstable (Thomas Goirand)
[2024-09-17] Accepted vitrage 13.0.0~rc1-1 (source) into experimental (Thomas Goirand)
[2024-04-08] Accepted vitrage 12.0.0-1 (source) into unstable (Thomas Goirand)
[2024-03-18] Accepted vitrage 12.0.0~rc1-2 (source) into experimental (Thomas Goirand)
[2024-03-17] Accepted vitrage 12.0.0~rc1-1 (source) into experimental (Thomas Goirand)

1
2

bugs [bug history graph]

all: 0

links

homepage
buildd: logs
popcon
browse source code
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 15.0.0+git20250930.3.5b57e2b3-0ubuntu1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing