[Bug 2020111] Re: CVE-2023-2088 regressions

Corey Bryant 2020111 at bugs.launchpad.net
Mon May 22 12:58:47 UTC 2023


Hello Corey, or anyone else affected,

Accepted cinder into zed-proposed. The package will build now and be
available in the Ubuntu Cloud Archive in a few hours, and then in the
-proposed repository.

Please help us by testing this new package. To enable the -proposed
repository:

  sudo add-apt-repository cloud-archive:zed-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-zed-needed to verification-zed-done. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-zed-failed. In either case, details of your testing
will help us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in
advance!

** Changed in: cloud-archive
       Status: Triaged => Fix Committed

** Changed in: cloud-archive/zed
       Status: Triaged => Fix Committed

** Tags added: verification-zed-needed

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to python-glance-store in Ubuntu.
https://bugs.launchpad.net/bugs/2020111

Title:
  CVE-2023-2088 regressions

Status in Ubuntu Cloud Archive:
  Fix Committed
Status in Ubuntu Cloud Archive antelope series:
  Triaged
Status in Ubuntu Cloud Archive bobcat series:
  Fix Committed
Status in Ubuntu Cloud Archive victoria series:
  Fix Committed
Status in Ubuntu Cloud Archive wallaby series:
  Fix Committed
Status in Ubuntu Cloud Archive xena series:
  Fix Committed
Status in Ubuntu Cloud Archive yoga series:
  Triaged
Status in Ubuntu Cloud Archive zed series:
  Fix Committed
Status in cinder package in Ubuntu:
  Fix Released
Status in nova package in Ubuntu:
  Fix Released
Status in python-glance-store package in Ubuntu:
  Fix Released
Status in python-os-brick package in Ubuntu:
  Fix Released
Status in cinder source package in Focal:
  Triaged
Status in nova source package in Focal:
  Triaged
Status in python-glance-store source package in Focal:
  Triaged
Status in python-os-brick source package in Focal:
  Triaged
Status in cinder source package in Jammy:
  Triaged
Status in nova source package in Jammy:
  Triaged
Status in python-glance-store source package in Jammy:
  Triaged
Status in python-os-brick source package in Jammy:
  Triaged
Status in cinder source package in Kinetic:
  Triaged
Status in nova source package in Kinetic:
  Triaged
Status in python-glance-store source package in Kinetic:
  Triaged
Status in python-os-brick source package in Kinetic:
  Triaged
Status in cinder source package in Lunar:
  Triaged
Status in nova source package in Lunar:
  Triaged
Status in python-glance-store source package in Lunar:
  Triaged
Status in python-os-brick source package in Lunar:
  Triaged
Status in cinder source package in Mantic:
  Fix Released
Status in nova source package in Mantic:
  Fix Released
Status in python-glance-store source package in Mantic:
  Fix Released
Status in python-os-brick source package in Mantic:
  Fix Released

Bug description:
  There has been a regression found in at least one project due to the fixes for CVE-2023-2088:
  https://bugs.launchpad.net/ironic/+bug/2019892

  This may also affect other projects that are yet to be known.

  We will be reverting the CVE-2023-2088 patches that have been released
  to nova, cinder, python-os-brick, and python-glance-store until
  everything is settled upstream in order to prevent regressing our
  users.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2020111/+subscriptions




More information about the Ubuntu-openstack-bugs mailing list