[ubuntu/focal-security] cinder 2:16.4.2-0ubuntu2.8 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Jul 8 11:43:03 UTC 2024
cinder (2:16.4.2-0ubuntu2.8) focal-security; urgency=medium
* SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
(LP: #2059809)
- debian/patches/CVE-2024-32498.patch: check for external qcow2 data
file.
- debian/patches/fix_CVE-2022-47951_test.patch: fix test after more
extensive CVE-2024-32498 image checking.
- debian/control: added qemu-utils to Build-Depends so qemu-img is
available for new tests.
- CVE-2024-32498
cinder (2:16.4.2-0ubuntu2.6) focal; urgency=medium
* HPE3PAR: Failing to clone a volume having children (LP: #1994521):
- d/p/lp1994521-0001-HPE-3PAR-In-multi-host-env-fix-multi-detach-operatio.patch
- d/p/lp1994521-0002-HPE-3PAR-Fix-umanaged-volumes-snapshots-missing.patch
- d/p/lp1994521-0003-3PAR-Error-out-if-vol-cannot-be-converted-to-base.patch
- api 4.0.16 and 4.0.17 are added as it is in the middle of the main patch
(4.0.18)
cinder (2:16.4.2-0ubuntu2.5) focal; urgency=medium
[ Heather Lemon ]
* Start cinder-volume.service after tgt.service started (LP: #1987663)
- d/cinder-volume.service.conf: drop-in with 'After=' and 'Wants='
('Wants=' is not generated by pkgos-gen-systemd-unit currently).
- d/cinder-volume.install: ship the systemd service drop-in file.
Date: 2024-07-02 19:48:12.192086+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/cinder/2:16.4.2-0ubuntu2.8
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list