[ubuntu/jammy-security] glance 2:24.2.1-0ubuntu1.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Jul 8 11:52:35 UTC 2024

glance (2:24.2.1-0ubuntu1.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
    (LP: #2059809)
    - debian/patches/CVE-2024-32498-pre1.patch: limit CaptureRegion sizes
      in format_inspector for VMDK and VHDX.
    - debian/patches/CVE-2024-32498-pre2.patch: support Stream Optimized
      VMDKs.
    - debian/patches/CVE-2024-32498-1.patch: reject qcow files with
      data-file attributes.
    - debian/patches/CVE-2024-32498-2.patch: extend format_inspector for
      QCOW safety.
    - debian/patches/CVE-2024-32498-3.patch: add VMDK safety check.
    - debian/patches/CVE-2024-32498-4.patch: reject unsafe qcow and vmdk
      files.
    - debian/patches/CVE-2024-32498-5.patch: add QED format detection to
      format_inspector.
    - debian/patches/CVE-2024-32498-6.patch: add file format detection to
      format_inspector.
    - debian/patches/CVE-2024-32498-7.patch: add safety check and detection
      support to FI tool.
    - CVE-2024-32498

glance (2:24.2.1-0ubuntu1) jammy; urgency=medium

  * New stable point release for OpenStack Yoga (LP: #2037332).

glance (2:24.2.0-0ubuntu1) jammy; urgency=medium

  * New stable point release for OpenStack Yoga (LP: #2011713).
  * d/p/CVE-2022-47951.patch: Dropped. Fixed in stable point release.

Date: 2024-06-28 23:22:11.081118+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Maintainer: OpenStack Ubuntu packagers <openstack-packaging at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/glance/2:24.2.1-0ubuntu1.2