Package "mistral"

  mistral (21.0.0-0ubuntu1.1) questing-security; urgency=high

  [ Myles Penner ]
  * d/gbp.conf: Create stable/2025.2 branch.
  * d/gbp.conf, .launchpad.yaml: Sync from cloud-archive-tools for
    flamingo.

  [ Ubuntu Developers ]
  * SECURITY UPDATE: overly permissive publicize policies allow non-admin
    users to make resources public
    - d/p/cve-2026-41283-restrict-publicize-policies-admin-only.patch:
      Restrict publicize policies to admin only for actions, workflows,
      and event triggers.
    - d/p/cve-2026-41283-remove-expect-errors-policy-tests.patch:
      Update policy tests to remove expect_errors from admin-only calls.
    - d/p/cve-2026-41283-add-code-sources-publicize-policy.patch:
      Add publicize policy for code sources resource.
    - d/p/cve-2026-41283-restrict-code-sources-dynamic-actions.patch:
      Restrict code sources and dynamic actions to admin only.
    - d/p/cve-2026-41283-add-dynamic-actions-publicize-policy.patch:
      Add publicize policy for dynamic actions resource.
    - d/p/cve-2026-41283-add-workbooks-publicize-policy.patch:
      Add publicize policy for workbooks resource.
    - d/p/cve-2026-41283-add-cron-triggers-publicize-policy.patch:
      Add publicize policy for cron triggers resource.
    - d/p/cve-2026-41283-add-environments-publicize-policy.patch:
      Add publicize policy for environments resource.
    - CVE-2026-41283

 -- Hemanth Nakkina <email address hidden> Sun, 31 May 2026 13:01:30 +0530