Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou
discovered that missing input sanitising in the handling of VMDK images
in Glance, the OpenStack image registry and delivery service, may result
in information disclosure.
For the stable distribution (bullseye), this problem has been fixed in
We recommend that you upgrade your glance packages.