-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 24 Jan 2023 11:31:25 +0100
Source: nova
Architecture: source
Version: 2:22.0.1-2+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian OpenStack <
team+openstack@tracker.debian.org>
Changed-By: Thomas Goirand <
zigo@debian.org>
Closes: 1029561
Changes:
nova (2:22.0.1-2+deb11u1) bullseye-security; urgency=medium
.
* CVE-2022-47951: By supplying a specially created VMDK flat image which
references a specific backing file path, an authenticated user may convince
systems to return a copy of that file's contents from the server resulting
in unauthorized access to potentially sensitive data. Add upstream patch
cve-2022-47951-glance-stable-victoria.patch (Closes: #1029561). Checksums-Sha1:
5b34041838c39107c06f2c2811399bfe5561f5e2 5339 nova_22.0.1-2+deb11u1.dsc
00feb086c56c8df4d0d85c795e33878eea75766f 5900180 nova_22.0.1.orig.tar.xz
4ff38fb907f356732392adc21e8dbc18040535e2 62092 nova_22.0.1-2+deb11u1.debian.tar.xz
20f5ca56aefae0fd497b1e1c5f0417d5b6c23be9 23807 nova_22.0.1-2+deb11u1_amd64.buildinfo
Checksums-Sha256:
7861752c0bcf3238e0751d838637098a4c3e75bf03687c6049e52de3cc42e9c1 5339 nova_22.0.1-2+deb11u1.dsc
8bfc2c8d721237ad67f2a15a2882f366f5423f30e2fda802b3234f4280c7a262 5900180 nova_22.0.1.orig.tar.xz
11f2390bfe1ba6bfa583ef95cee98f377848065104579adf849167d2204a1ea1 62092 nova_22.0.1-2+deb11u1.debian.tar.xz
daa7b094ee50822b95d2801f57895815fb26602c40277d38cc821a0677a9a909 23807 nova_22.0.1-2+deb11u1_amd64.buildinfo
Files:
dab63cd1547e4b92150e7904a1008d7f 5339 net optional nova_22.0.1-2+deb11u1.dsc
e797a3036ecf56bd964a3117004dfcb8 5900180 net optional nova_22.0.1.orig.tar.xz
9666f29b16bb260d4c7d0087773e68c3 62092 net optional nova_22.0.1-2+deb11u1.debian.tar.xz
b80f62561804c16659e10efa4ddb9106 23807 net optional nova_22.0.1-2+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmPXwJMACgkQ1BatFaxr Q/5zgg/+PhvC0jk9mZdBuhQl1RtglBgALFD2NHbY36Z3kQgf3ZtZx/fZV2caH4F1 YBdroqbQjFelexW00MAGlUWQCJiby5cXz9lCFw5x8hyNVEvSlG4r5bG7YlHG0f2s 2IebsgS1PqD4pwGV1jd6h/zE1NZAQND9ElC/ZkcleDJHxZdZl60rLViO3dhn5Ljv jKSew9r7ZA7L+nRn7+7rDsqi6ypoo7CMhNuUzfe0AU9YawvGCbVTFmcG6NnMDK09 j1ZyhIECO7GRbkQpqv7Lv/O4ZV8sH86UqV4Ifu+26Cu3HMXFg7mmRW2DQDZQd3wi UIy3b6GRZ6itH4pEb0d2j7QxVUax2eFGE7+g3FShFz/EutxI5+DnHjE60SzUobZ9 xIygLeNBIQ9Zc9S3K/fs9aPeJNDF10rbrBag9aBMJwS9nwOJn9xgL4kVbEaxGvEF 2oIi5Hmco6SiNkrGH6Pvt1yHlltHVRcFCU2Cw8pmOFxsGR4XTXgnFQ6l7hVqhav4 CjendO9TYEGLomem1+WZsIrEBnHrKpriy4eQFQPr3rCXyWx0VEX8z8Lh41Y1miIw sQV+nm0GcR6w9io66XTpUS4WKuWDG2Jsh2bmvU+mSXlzaKlQZ8PsBpMTq7+oqxK9 HUG4GsV5+cMRxhi+tOtQ7O5OLa4JdEmn3s7v0NbGebNSl+Bj6rk=
=H2jP
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)