[Bug 2011713] Re: [SRU] yoga stable releases
James Page
2011713 at bugs.launchpad.net
Mon Jul 8 13:05:57 UTC 2024
This bug was fixed in the package glance - 2:24.2.1-0ubuntu1.2~cloud0
---------------
glance (2:24.2.1-0ubuntu1.2~cloud0) focal; urgency=medium
.
* SECURITY UPDATE for Ubuntu Cloud Archive. backport to focal.
.
glance (2:24.2.1-0ubuntu1.2) jammy-security; urgency=medium
.
* SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
  (LP: #2059809)
  - debian/patches/CVE-2024-32498-pre1.patch: limit CaptureRegion sizes
    in format_inspector for VMDK and VHDX.
  - debian/patches/CVE-2024-32498-pre2.patch: support Stream Optimized
    VMDKs.
  - debian/patches/CVE-2024-32498-1.patch: reject qcow files with
    data-file attributes.
  - debian/patches/CVE-2024-32498-2.patch: extend format_inspector for
    QCOW safety.
  - debian/patches/CVE-2024-32498-3.patch: add VMDK safety check.
  - debian/patches/CVE-2024-32498-4.patch: reject unsafe qcow and vmdk
    files.
  - debian/patches/CVE-2024-32498-5.patch: add QED format detection to
    format_inspector.
  - debian/patches/CVE-2024-32498-6.patch: add file format detection to
    format_inspector.
  - debian/patches/CVE-2024-32498-7.patch: add safety check and detection
    support to FI tool.
  - CVE-2024-32498
.
glance (2:24.2.1-0ubuntu1) jammy; urgency=medium
.
* New stable point release for OpenStack Yoga (LP: #2037332).
.
glance (2:24.2.0-0ubuntu1) jammy; urgency=medium
.
* New stable point release for OpenStack Yoga (LP: #2011713).
* d/p/CVE-2022-47951.patch: Dropped. Fixed in stable point release.
.
glance (2:24.1.0-0ubuntu1.1) jammy-security; urgency=medium
.
* SECURITY UPDATE: Arbitrary file access
  - debian/patches/CVE-2022-47951.patch: Enforce image safety
    during image_conversion.
  - CVE-2022-47951
.
glance (2:24.1.0-0ubuntu1) jammy; urgency=medium
.
* d/gbp.conf: Create stable/yoga branch.
* New stable point release for OpenStack Yoga (LP: #1980369).
.
glance (2:24.0.0-0ubuntu1) jammy; urgency=medium
.
* d/watch: Scope to 24.x.
* New upstream release for OpenStack Yoga.
.
glance (2:24.0.0~rc1+git2022030311.d4119be05-0ubuntu1) jammy; urgency=medium
.
* New upstream snapshot for OpenStack Yoga.
* d/control: Align (Build-)Depends with upstream.
* d/p/skip-py10-failure.patch: Dropped. Fixed in upstream snapshot.
.
glance (2:23.0.0+git2022011216.502fa0ffc-0ubuntu1) jammy; urgency=medium
.
* d/glance-common.install, d/glance-api.init.in: Install
glance-image-import.conf.sample and add --config-dir=/etc/glance/
to glance-api init script (LP: #1955022).
* New upstream snapshot for OpenStack Yoga.
* d/control, d/rules: Bump debhelper compat to 13.
.
glance (2:23.0.0+git2021120811.4ee7799aa-0ubuntu1) jammy; urgency=medium
.
* New upstream snapshot for OpenStack Yoga.
* d/p/skip-py10-failure.patch: Skip test that is raising different
exception with Python 3.10.
.
glance (2:23.0.0-0ubuntu1) impish; urgency=medium
.
* d/watch: Scope to 23.x.
* New upstream release for OpenStack Xena.
* d/control: Align (Build-)Depends with upstream.
.
glance (2:23.0.0~b3+git2021091316.d49eaa04c-0ubuntu1) impish; urgency=medium
.
* New upstream snapshot for OpenStack Xena.
* d/p/add-root-tar-support.patch: Rebased.
.
glance (2:23.0.0~b2+git2021072116.62334aa4-0ubuntu1) impish; urgency=medium
.
* New upstream snapshot for OpenStack Xena.
* d/control: Align (Build-)Depends with upstream.
.
glance (2:22.0.0+git2021061112.4f20e500-0ubuntu1) impish; urgency=medium
.
* New upstream snapshot for OpenStack Xena.
.
glance (2:22.0.0-0ubuntu1) hirsute; urgency=medium
.
* New upstream release for OpenStack Wallaby.
.
glance (2:22.0.0~rc1-0ubuntu1) hirsute; urgency=medium
.
* d/watch: Track the 22.x series and fix path.
* New upstream release candidate for OpenStack Wallaby.
* d/control: Align (Build-)Depends with upstream.
.
glance (2:22.0.0~b2+git2021012915.03bf00ee-0ubuntu1) hirsute; urgency=medium
.
* New upstream snapshot for OpenStack Wallaby.
* d/control: Align (Build-)Depends with upstream.
.
glance (2:21.0.0+git2020120911.f102b74a-0ubuntu1) hirsute; urgency=medium
.
* New upstream snapshot for OpenStack Wallaby.
.
glance (2:21.0.0-0ubuntu1) groovy; urgency=medium
.
* d/control: Update VCS paths for move to lp:~ubuntu-openstack-dev.
* d/watch: Track the 21.x series.
* New upstream release for OpenStack Victoria.
.
glance (2:21.0.0~b3~git2020091515.e16d5c9b-0ubuntu1) groovy; urgency=medium
.
[ Chris MacNaughton ]
* d/control: Remove Breaks/Replaces that are older than Focal (LP: #1878419).
.
[ Corey Bryant ]
* New upstream snapshot for OpenStack Victoria.
* d/control: Align (Build-)Depends with upstream.
.
glance (2:21.0.0~b2~git2020073013.cfbe5f76-0ubuntu2) groovy; urgency=medium
.
* d/glance-common.postrm: Drop --system from deluser/delgroup calls. This
aligns with the glance-common.postinst script reserved glance uid/gid
(LP: #1889846).
.
glance (2:21.0.0~b2~git2020073013.cfbe5f76-0ubuntu1) groovy; urgency=medium
.
* New upstream snapshot for OpenStack Victoria.
* Align (Build-)Depends with upstream.
.
glance (2:21.0.0~b1~git2020062909.e6db0b10-0ubuntu1) groovy; urgency=medium
.
* New upstream snapshot for OpenStack Victoria.
* Align (Build-)Depends with upstream.
* d/glance-common.install, d/glance-common.manpages: Remove glance-registry bits
after upstream removal.
* d/control: Update Standards-Version to 4.5.0.
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to glance in Ubuntu.
https://bugs.launchpad.net/bugs/2011713
Title:
[SRU] yoga stable releases
Status in Ubuntu Cloud Archive:
Invalid
Status in Ubuntu Cloud Archive yoga series:
Fix Released
Status in glance package in Ubuntu:
Invalid
Status in neutron package in Ubuntu:
Invalid
Status in glance source package in Jammy:
Fix Released
Status in neutron source package in Jammy:
Fix Released
Bug description:
[Impact]
This release sports mostly bug-fixes and we would like to make
sure all of our supported customers have access to these
improvements. The update contains the following package updates:
glance 24.2.0
neutron 20.3.0
[Test Case]
The following SRU process was followed:
https://wiki.ubuntu.com/OpenStackUpdates
In order to avoid regression of existing consumers, the OpenStack team
will run their continuous integration test against the packages that
are in -proposed. A successful run of all available tests will be
required before the proposed packages can be let into -updates.
The OpenStack team will be in charge of attaching the output summary
of the executed tests. The OpenStack team members will not mark
‘verification-done’ until this has happened.
[Regression Potential]
In order to mitigate the regression potential, the results of the
aforementioned tests are attached to this bug.
[Discussion]
n/a
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2011713/+subscriptions