Accepted glance 2:25.1.0-2+deb12u1 (source) into proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted glance 2:25.1.0-2+deb12u1 (source) into proposed-updates
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Wed, 21 Aug 2024 20:32:42 +0000
Message-id: <[🔎] E1sgs0Y-00DTqx-79@fasolo.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 21 Jun 2024 10:38:56 +0200
Source: glance
Architecture: source
Version: 2:25.1.0-2+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian OpenStack <team+openstack@tracker.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Closes: 1074761
Changes:
 glance (2:25.1.0-2+deb12u1) bookworm-security; urgency=high
 .
   * CVE-2024-32498: Arbitrary file access through custom QCOW2 external data.
     Add upstream patch (Closes: #1074761):
     - CVE-2024-32498_1_Limit_CaptureRegion_sizes_in_format_inspector_for_VMDK_and_VHDX.patch
     - CVE-2024-32498_2_Support_Stream_Optimized_VMDKs.patch
     - CVE-2024-32498_3_1_glance-stable-2023.1.patch
     - CVE-2024-32498_3_2_glance-stable-2023.1.patch
     - CVE-2024-32498_3_3_glance-stable-2023.1.patch
     - CVE-2024-32498_3_4_glance-stable-2023.1.patch
     - CVE-2024-32498_3_5_glance-stable-2023.1.patch
     - CVE-2024-32498_3_6_glance-stable-2023.1.patch
     - CVE-2024-32498_3_7_glance-stable-2023.1.patch
Checksums-Sha1:
 936f491b51756914ecbb69f26d9d3c3cdc5aeaa5 3829 glance_25.1.0-2+deb12u1.dsc
 26e73a82389323bec8bc203b298c23ae46c6dc12 1504620 glance_25.1.0.orig.tar.xz
 3e5093da9435419ed6d909b01de7f82dd09067b0 31044 glance_25.1.0-2+deb12u1.debian.tar.xz
 06d987d60636b04e0ddb64a7bb55cce021f452db 19110 glance_25.1.0-2+deb12u1_amd64.buildinfo
Checksums-Sha256:
 7f28e6a54f44845d7b8257198ca45bcec9a957867ee4e9a0387ff9970e52dc4b 3829 glance_25.1.0-2+deb12u1.dsc
 d90dc2acf25282337cf0394abd025bb6a35aa339beb920817eab70465ff3e119 1504620 glance_25.1.0.orig.tar.xz
 7c3d97fdae84dd3e31b5ae41201dacfcb705324781557e7c72dfb8cccc29b6df 31044 glance_25.1.0-2+deb12u1.debian.tar.xz
 5e0f52521883da3017904abef9a7ecd92355d6a79ccee421589a9c72e9caa76b 19110 glance_25.1.0-2+deb12u1_amd64.buildinfo
Files:
 161d2545294165e4bac8fbfca9bbab1e 3829 net optional glance_25.1.0-2+deb12u1.dsc
 6dbe10c1a179ad92f1b97cf0375ace95 1504620 net optional glance_25.1.0.orig.tar.xz
 a43cfd5763f024aaa021b2b6c6d1ea23 31044 net optional glance_25.1.0-2+deb12u1.debian.tar.xz
 e8d707c6568e3f200e9a6520f0a251db 19110 net optional glance_25.1.0-2+deb12u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmbEkVYACgkQ1BatFaxr
Q/71cQ//QZ4X5YAoXjFSDnrVD7685PHlSD4kzVd+DGsK8syTi3tFWcTr69P/x1OH
BLKhLTYpS6xqv/bW9v13IfJCqKNjKMK2YA7Kl3CsPaDqkJadAkRrGEaPtOADHCkg
S6pf15RpWSSwD6mP9njIFWwdh8PHhLv3iTdpVMQzPdt0ahxCITLxxLNHqLm0o359
fOQZOAL5iEzqSWwkFCxoL/joyqoe7cTeFye0RmEj064RVkYy57X0k8entCsifQFl
VWfVMwsVzB0NTGpWXdhnsmQo8F2O0JPiA1LMbC3V5Zmq/HwMzK1729rAj2KqabCI
WSRmGdRpjbPj2N0bhXTyw/PD6mT/egiH7v0RQBzSHlQqyhu2UqMWELNfjrH5tLP/
QrhIAhtg/UKfnPu46kRC+vb7fedbUXWgjDcsAsJ4t8Z4axf/Gn2PzekZB1QlOk0l
gQTZUvnK5AEdtUvZuXXvlFXT+2DVbRf/nTqVMS8lHIHU/7ju+cxPCDezD0JDbKwe
mOYGl7Ck6N//A0KFqeprklX3tfS/z2JcBkCXWmdrDo/MmnBcmPIlUi41ikr2ft4d
EtLwOhAchC23Xef0UeXN8bZ5h1hFObpSHc8ytM9+wKz67M/eARDSqeQpMkXabvPc
M7gKA8yH//SXsjLmRtspcc9V9UJik7HgKOUX0Jr5bzaZF6WsFBw=
=/9CD
-----END PGP SIGNATURE-----

Attachment: pgpsiOgIGAGMQ.pgp
Description: PGP signature

Reply to:

Prev by Date: Accepted dovecot 1:2.3.19.1+dfsg1-2.1+deb12u1 (source) into proposed-updates
Next by Date: Accepted nova 2:26.2.2-1~deb12u3 (source) into proposed-updates
Previous by thread: Accepted dovecot 1:2.3.19.1+dfsg1-2.1+deb12u1 (source) into proposed-updates
Next by thread: Accepted nova 2:26.2.2-1~deb12u3 (source) into proposed-updates
Index(es):
- Date
- Thread