-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 18 Jan 2023 10:14:44 +0100
Source: glance
Architecture: source
Version: 2:21.0.0-2+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian OpenStack <
team+openstack@tracker.debian.org>
Changed-By: Thomas Goirand <
zigo@debian.org>
Closes: 1029563
Changes:
glance (2:21.0.0-2+deb11u1) bullseye-security; urgency=medium
.
* CVE-2022-47951: By supplying a specially created VMDK flat image which
references a specific backing file path, an authenticated user may convince
systems to return a copy of that file's contents from the server resulting
in unauthorized access to potentially sensitive data. Add upstream patch
cve-2022-47951-glance-stable-victoria.patch (Closes: #1029563). Checksums-Sha1:
a55a859e2366820084168fa126fb8e887120c8c9 3768 glance_21.0.0-2+deb11u1.dsc
5bc58570ac46747db867f53e6633bba8a68d2f0a 1471508 glance_21.0.0.orig.tar.xz
c8ee1328ec0761ce296fe0fb83d1e7b4d11f25d2 18852 glance_21.0.0-2+deb11u1.debian.tar.xz
ffbc487672efc487022e797d9a5f96536ad56882 18111 glance_21.0.0-2+deb11u1_amd64.buildinfo
Checksums-Sha256:
738bf183334415d0c78e9546e1c395b225809bfa18b4fc800d6c37ab81ebbba2 3768 glance_21.0.0-2+deb11u1.dsc
7e9e96711ca27913cae31c0992a90edd4f572a66768162324ce8aa79ccc7820d 1471508 glance_21.0.0.orig.tar.xz
18312e8c4b194415b0a06a8419b3451f57b16a1f0e37fa4a8c376b2544b45e57 18852 glance_21.0.0-2+deb11u1.debian.tar.xz
264766a40f873ed3fae836c778652c0469d81845a30e676e75cf313483335d4d 18111 glance_21.0.0-2+deb11u1_amd64.buildinfo
Files:
89ab7d0ac9486b299ce7125985186a0d 3768 net optional glance_21.0.0-2+deb11u1.dsc
bef1454ed9865225181e6ec7df9b23ff 1471508 net optional glance_21.0.0.orig.tar.xz
0c1aceab581b54b7a88324cd5aba21a0 18852 net optional glance_21.0.0-2+deb11u1.debian.tar.xz
fd037e53d5c991c0885fddb7d0a2419e 18111 net optional glance_21.0.0-2+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmPXv+kACgkQ1BatFaxr Q/5MRw/+PIR+Km+VwZXdTJPt72V7XaAlouB4nutToHm1TF93w5vshObfo44nSVQe CdBxbcPp8TdzsYM143KWzp2WVu2b/Wy2MNpvAtIvz5Pbqxbw4hX7RDBIW7hHR9cn JjlBL6tHrN7sZP+sPjQP4Lp9MoqevkSBtlimhrE5yBg+r+SEIwuos2P/m6oDoj7v Dwr5flg6gQ7OcpKz482dzn6fK5HaPB6Xf9QYaLL/5L0ZsDgxLAP5eiq/oLQvo6HU n+u1ipgDdOltFbIAttFp8+uBqKeOVXzpaAfSmQkjJQm5hpaj4DOCBM4bTYMii672 2SgfqTqFw9TYsiA4SvnJ6Iy3ll9m7/7bU4yADBdtlOWW9SZ+YxDooKlc5KWZQIPj P0W7pPitP1UcjqDwfJErX2odVSIbUL5W4Oln1jLBlLeK+OA5IjWayp41o/tTwCma UVKScs40mlp+NUsRkIxPrqWie6PEn1scn/L+aFk5uWWBBp5IRqvJdu3ikCcFJVBD 5mJYP6TZp9Rlsc7u1WvYKrCWxhqAOc99tyfj+v41E8VOLhNcn5NExtZTeF8K8j5d NqwkXhlVFlAHu6y4IbqUtSzluUJxYo7UbaLdLwAh7VpAGIe11/gSbEz1UG9LH8Ny uiD/O1AgzACmo1eEHS3gTWqOfHdK/sgbNy1vDNKNoTDs6vza1t4=
=Y2Jg
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)