[ubuntu/oracular-proposed] glance 2:28.0.1-0ubuntu3 (Accepted)

James Page james.page at ubuntu.com
Tue Jul 2 16:43:18 UTC 2024


glance (2:28.0.1-0ubuntu3) oracular; urgency=medium

  * SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
    (LP: #2059809)
    - debian/patches/CVE-2024-32498-1.patch: reject qcow files with
      data-file attributes.
    - debian/patches/CVE-2024-32498-2.patch: extend format_inspector for
      QCOW safety.
    - debian/patches/CVE-2024-32498-3.patch: add VMDK safety check.
    - debian/patches/CVE-2024-32498-4.patch: reject unsafe qcow and vmdk
      files.
    - debian/patches/CVE-2024-32498-5.patch: add QED format detection to
      format_inspector.
    - debian/patches/CVE-2024-32498-6.patch: add file format detection to
      format_inspector.
    - debian/patches/CVE-2024-32498-7.patch: add safety check and detection
      support to FI tool.
    - CVE-2024-32498

Date: Mon, 24 Jun 2024 09:31:38 +0100
Changed-By: James Page <james.page at ubuntu.com>
Maintainer: Ubuntu OpenStack <openstack-packaging at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/glance/2:28.0.1-0ubuntu3
-------------- next part --------------
Format: 1.8
Date: Mon, 24 Jun 2024 09:31:38 +0100
Source: glance
Built-For-Profiles: noudeb
Architecture: source
Version: 2:28.0.1-0ubuntu3
Distribution: oracular
Urgency: medium
Maintainer: Ubuntu OpenStack <openstack-packaging at lists.ubuntu.com>
Changed-By: James Page <james.page at ubuntu.com>
Launchpad-Bugs-Fixed: 2059809
Changes:
 glance (2:28.0.1-0ubuntu3) oracular; urgency=medium
 .
   * SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
     (LP: #2059809)
     - debian/patches/CVE-2024-32498-1.patch: reject qcow files with
       data-file attributes.
     - debian/patches/CVE-2024-32498-2.patch: extend format_inspector for
       QCOW safety.
     - debian/patches/CVE-2024-32498-3.patch: add VMDK safety check.
     - debian/patches/CVE-2024-32498-4.patch: reject unsafe qcow and vmdk
       files.
     - debian/patches/CVE-2024-32498-5.patch: add QED format detection to
       format_inspector.
     - debian/patches/CVE-2024-32498-6.patch: add file format detection to
       format_inspector.
     - debian/patches/CVE-2024-32498-7.patch: add safety check and detection
       support to FI tool.
     - CVE-2024-32498
Checksums-Sha1:
 b5e9cad93ff1f35a723b4a543b1620d3fcaf5fe6 4552 glance_28.0.1-0ubuntu3.dsc
 1881b90f54b6a0d21b75afbc65f6b72aa0874a25 30392 glance_28.0.1-0ubuntu3.debian.tar.xz
 ecd9d7404f8387033f30f3422d0e0abe21e37adb 8595 glance_28.0.1-0ubuntu3_source.buildinfo
Checksums-Sha256:
 dfee80b8b621cc1552df9377eedde5278843ceaf871122dcbe23444221960562 4552 glance_28.0.1-0ubuntu3.dsc
 d929b28bc8cca374e69cd2615435055c5be6ed2ed3566ee5b19ff2d37cf1e91b 30392 glance_28.0.1-0ubuntu3.debian.tar.xz
 2b4c907fde8ecdb812c768738019a084bedcdc5886c58d149f65b8a0b64fa38c 8595 glance_28.0.1-0ubuntu3_source.buildinfo
Files:
 bcc7243d03e2a04a148e6923cb04d399 4552 net extra glance_28.0.1-0ubuntu3.dsc
 67b6b3a52f5cd8f273d137acdd45a261 30392 net extra glance_28.0.1-0ubuntu3.debian.tar.xz
 7e6e69d27a20981721bf9b8aa498b266 8595 net extra glance_28.0.1-0ubuntu3_source.buildinfo

