1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted glance 2:25.1.0-2+deb12u1 (source) into proposed-updates

    From Debian FTP Masters@21:1/5 to All on Wed Aug 21 22:40:03 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Format: 1.8
    Date: Fri, 21 Jun 2024 10:38:56 +0200
    Source: glance
    Architecture: source
    Version: 2:25.1.0-2+deb12u1
    Distribution: bookworm-security
    Urgency: high
    Maintainer: Debian OpenStack <team+openstack@tracker.debian.org>
    Changed-By: Thomas Goirand <zigo@debian.org>
    Closes: 1074761
    Changes:
    glance (2:25.1.0-2+deb12u1) bookworm-security; urgency=high
    .
    * CVE-2024-32498: Arbitrary file access through custom QCOW2 external data.
    Add upstream patch (Closes: #1074761):
    - CVE-2024-32498_1_Limit_CaptureRegion_sizes_in_format_inspector_for_VMDK_and_VHDX.patch
    - CVE-2024-32498_2_Support_Stream_Optimized_VMDKs.patch
    - CVE-2024-32498_3_1_glance-stable-2023.1.patch
    - CVE-2024-32498_3_2_glance-stable-2023.1.patch
    - CVE-2024-32498_3_3_glance-stable-2023.1.patch
    - CVE-2024-32498_3_4_glance-stable-2023.1.patch
    - CVE-2024-32498_3_5_glance-stable-2023.1.patch
    - CVE-2024-32498_3_6_glance-stable-2023.1.patch
    - CVE-2024-32498_3_7_glance-stable-2023.1.patch
    Checksums-Sha1:
    936f491b51756914ecbb69f26d9d3c3cdc5aeaa5 3829 glance_25.1.0-2+deb12u1.dsc
    26e73a82389323bec8bc203b298c23ae46c6dc12 1504620 glance_25.1.0.orig.tar.xz
    3e5093da9435419ed6d909b01de7f82dd09067b0 31044 glance_25.1.0-2+deb12u1.debian.tar.xz
    06d987d60636b04e0ddb64a7bb55cce021f452db 19110 glance_25.1.0-2+deb12u1_amd64.buildinfo
    Checksums-Sha256:
    7f28e6a54f44845d7b8257198ca45bcec9a957867ee4e9a0387ff9970e52dc4b 3829 glance_25.1.0-2+deb12u1.dsc
    d90dc2acf25282337cf0394abd025bb6a35aa339beb920817eab70465ff3e119 1504620 glance_25.1.0.orig.tar.xz
    7c3d97fdae84dd3e31b5ae41201dacfcb705324781557e7c72dfb8cccc29b6df 31044 glance_25.1.0-2+deb12u1.debian.tar.xz
    5e0f52521883da3017904abef9a7ecd92355d6a79ccee421589a9c72e9caa76b 19110 glance_25.1.0-2+deb12u1_amd64.buildinfo
    Files:
    161d2545294165e4bac8fbfca9bbab1e 3829 net optional glance_25.1.0-2+deb12u1.dsc
    6dbe10c1a179ad92f1b97cf0375ace95 1504620 net optional glance_25.1.0.orig.tar.xz
    a43cfd5763f024aaa021b2b6c6d1ea23 31044 net optional glance_25.1.0-2+deb12u1.debian.tar.xz
    e8d707c6568e3f200e9a6520f0a251db 19110 net optional glance_25.1.0-2+deb12u1_amd64.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmbEkVYACgkQ1BatFaxr Q/71cQ//QZ4X5YAoXjFSDnrVD7685PHlSD4kzVd+DGsK8syTi3tFWcTr69P/x1OH BLKhLTYpS6xqv/bW9v13IfJCqKNjKMK2YA7Kl3CsPaDqkJadAkRrGEaPtOADHCkg S6pf15RpWSSwD6mP9njIFWwdh8PHhLv3iTdpVMQzPdt0ahxCITLxxLNHqLm0o359 fOQZOAL5iEzqSWwkFCxoL/joyqoe7cTeFye0RmEj064RVkYy57X0k8entCsifQFl VWfVMwsVzB0NTGpWXdhnsmQo8F2O0JPiA1LMbC3V5Zmq/HwMzK1729rAj2KqabCI WSRmGdRpjbPj2N0bhXTyw/PD6mT/egiH7v0RQBzSHlQqyhu2UqMWELNfjrH5tLP/ QrhIAhtg/UKfnPu46kRC+vb7fedbUXWgjDcsAsJ4t8Z4axf/Gn2PzekZB1QlOk0l gQTZUvnK5AEdtUvZuXXvlFXT+2DVbRf/nTqVMS8lHIHU/7ju+cxPCDezD0JDbKwe mOYGl7Ck6N//A0KFqeprklX3tfS/z2JcBkCXWmdrDo/MmnBcmPIlUi41ikr2ft4d EtLwOhAchC23Xef0UeXN8bZ5h1hFObpSHc8ytM9+wKz67M/eARDSqeQpMkXabvPc M7gKA8yH//SXsjLmRtspcc9V9UJik7HgKOUX0Jr5bzaZF6WsFBw=
    =/9CD
    -----END PGP SIGNATURE-----


    --==============D12781268279535351=Content-Type: application/pgp-signature

    -----BEGIN PGP SIGNATURE-----

    iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCZsZO6gAKCRCb9qggYcy5 IXKGAPwO5j4gkXY/PZxW0U02F35Xvkeii6zouCG8rnGmfDGrlAD+Ned++j1mtbYH Nws98eGI4kXo6r1B9QTwuhjZ/YjyeQI=P41y
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)