Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou
discovered that missing input sanitising in the handling of VMDK images
in Cinder, the OpenStack block storage system, may result in information disclosure.
For the stable distribution (bullseye), this problem has been fixed in
We recommend that you upgrade your cinder packages.