1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted nova 2:26.2.2-1~deb12u3 (source) into proposed-updates

    From Debian FTP Masters@21:1/5 to All on Wed Aug 21 22:40:02 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Format: 1.8
    Date: Wed, 10 Jul 2024 23:49:31 +0200
    Source: nova
    Architecture: source
    Version: 2:26.2.2-1~deb12u3
    Distribution: bookworm-security
    Urgency: high
    Maintainer: Debian OpenStack <team+openstack@tracker.debian.org>
    Changed-By: Thomas Goirand <zigo@debian.org>
    Closes: 1076774
    Changes:
    nova (2:26.2.2-1~deb12u3) bookworm-security; urgency=high
    .
    * CVE-2024-40767: Regression VMDK/qcow arbitrary file access (CVE-2024-32498)
    Applied upstream patches (Closes: #1076774):
    - CVE-2024-40767_1_port_format_inspector_tests_from_glance_antelope.patch
    - CVE-2024-40767_2_Reproduce_iso_regression_with_deep_format_inspection_antelope.patch
    - CVE-2024-40767_3_Add-iso-file-format-inspector_antelope.patch
    - CVE-2024-40767_4_Change-force_format-strategy-to-catch-mismatches_antelope.patch
    * Add qemu-utils as build-depends to run new tests.
    Checksums-Sha1:
    f311d2c06987ffb500685026bd86d04962cba99a 5096 nova_26.2.2-1~deb12u3.dsc
    a6796c58f74ec57267a33af7b0db4e63e6bfb552 6000800 nova_26.2.2.orig.tar.xz
    a8f7e5dfeeb5675abe20a6b115934619557a653b 88612 nova_26.2.2-1~deb12u3.debian.tar.xz
    b4cf46882e6fae0b12fdb90206ebc0f1dc3f00e9 23186 nova_26.2.2-1~deb12u3_amd64.buildinfo
    Checksums-Sha256:
    3a6637f087ad5bd64c12ac1ce7215f051ee592cd6aef5213da0476c3f7b3bfaa 5096 nova_26.2.2-1~deb12u3.dsc
    d0fab415e15bfa70089b22e094d88ed3c7b66df0742bec52b4d9ff789e347571 6000800 nova_26.2.2.orig.tar.xz
    972ffa25b7de3a496cca7386df03c7d1fdb9675b6d8ace6fc4a5de161350dfe1 88612 nova_26.2.2-1~deb12u3.debian.tar.xz
    40e5ab996b7317b23a53ac5058597cebc8b92db75c6cdad80bf8edf651e69efe 23186 nova_26.2.2-1~deb12u3_amd64.buildinfo
    Files:
    f763dbef10f0aa3bd36f439510ec94ed 5096 net optional nova_26.2.2-1~deb12u3.dsc
    fddc994a8d3d81c2c41a93eafad1ea29 6000800 net optional nova_26.2.2.orig.tar.xz
    599563ef4e9b6109fe876624d70a17d3 88612 net optional nova_26.2.2-1~deb12u3.debian.tar.xz
    482fe532c273a9343538c67e8ea1466b 23186 net optional nova_26.2.2-1~deb12u3_amd64.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmbEuz0ACgkQ1BatFaxr Q/4sHg/+JlYj92d0fM9kEA/dbTX2UAUHAwoiVWFvZ1ECBs/iWSWYxOJuB70PM8nq ziHSdgx3hUvwi5J/ie/7SNUKfQd9YYg9v9t6wlS97AhU8zqKMla2n56EUrUgDfY+ CVGXURx3X7xwsfiXCYl8EW6Nk3zEqgf9Rns1GWcsHVH8lb8Ydm6mU+3V3GRozuVX /F71nAtSdRprw8sd5djd5HfXuC+VpfrvTx68FHcTZslJMEAIkgcXepiW0kSZEgRL J1JBdaHIJDu3RuinUioAgP1RqIU1/k37K3Grk9e4vvO+UxU44cWbq7QmAyK+cjhX +HeVJ9k0JrpSy/BKP8KFdIuoIWhBJ8shCZU4mRodQcZ2OqXVYVglA3TUwekacQQJ +bL+oMkU7hp7OBUur4pkmgfhMn5jttJS8097fDcMFZ0XN9uwnZgwOdfN0ojqZ234 aC9afrQEwFIkWeZsxRMjJIyZ8T5UUaeGy3ENssnPOwbROofRSBU2JrkHgC6/egTd +B4wUp7V57THfnl7HttUdbcZ2cp3gttFiDK02+V6+fCbhODNRaxKGx4g9neNpaST CUu/SpMsvNyCFtUfbM230mnO70/Hg6dfIFE6Lnz81yGATZsJ4Cp4hddQ3YzKgRXm IHCdp/RRhwFUokgWSq2ayAUwPLizPPgIOCIUyFGzs5j94GRkyBM=
    =/IQ1
    -----END PGP SIGNATURE-----


    --==============I56600128646554264=Content-Type: application/pgp-signature

    -----BEGIN PGP SIGNATURE-----

    iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCZsZO6gAKCRCb9qggYcy5 ITRvAQCP4D5uHgmEe7BjJ197K4PUTXLqtVSXD546Pbxff2o/qAD9HiVTLaGt4/OX Pxbp6Fawwgkf0pClDdbcpPGOmk24Uws=AujZ
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)