-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 19 Jan 2023 17:07:48 +0100 Source: swift Architecture: source Version: 2.26.0-10+deb11u1 Distribution: bullseye-security Urgency: medium Maintainer: Debian OpenStack <team+openstack@tracker.debian.org> Changed-By: Thomas Goirand <zigo@debian.org> Closes: 1029200 Changes: swift (2.26.0-10+deb11u1) bullseye-security; urgency=medium . * CVE-2022-47950 / OSSA-2023-001: Arbitrary file access through custom S3 XML entities. Add upstream patch backported to Bullseye: CVE-2022-47950-stable-victoria.patch (Closes: #1029200). * Exclude test TestCNAMELookup.test_host_is_storage_domain(). Checksums-Sha1: 342039f97da0f053e6743b98af2a05a3fd8189a6 3331 swift_2.26.0-10+deb11u1.dsc 25d8adad840c4da26213d01ecbc2541216c846a3 2302476 swift_2.26.0.orig.tar.xz ac4a72c7311d3d963586b164a543323e564e535f 26220 swift_2.26.0-10+deb11u1.debian.tar.xz 0a9351e376484f3b9a8cabd6aa7dd9451649aacd 15172 swift_2.26.0-10+deb11u1_amd64.buildinfo Checksums-Sha256: 4c8b3083b0438ac282174db9d808fed50c454b48a4b53dbacfdfac2079808df5 3331 swift_2.26.0-10+deb11u1.dsc 68b57dce54445c4d0554dbf9efc112eccc1fd961e75015900474d8cae013ead9 2302476 swift_2.26.0.orig.tar.xz 16955caed337163096dc9b7a6f4b1ef78ac4753f31498bacef35bd666c5eb2cd 26220 swift_2.26.0-10+deb11u1.debian.tar.xz 0f653bd60f337e1143c0721c51950d7f7ce846c7a9d2dae31e75e8717e34454b 15172 swift_2.26.0-10+deb11u1_amd64.buildinfo Files: 41f851b43a8b358fff7b31e39c104186 3331 net optional swift_2.26.0-10+deb11u1.dsc 611351b21eade1272085bddcea8259a1 2302476 net optional swift_2.26.0.orig.tar.xz ba3f5f5b8b1af62b23151e5928e06724 26220 net optional swift_2.26.0-10+deb11u1.debian.tar.xz 4a086a53f4d6feae529374c62e14d014 15172 net optional swift_2.26.0-10+deb11u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE3+Kkgn20FPaRPp/ST56os/RrPrsFAmPKUs8ACgkQT56os/Rr PrtVfRAAh49w0DFqyrehSNr/eX5TT7h7KVtxTUOaK2RNxu4D5UNF0XNQ04Irzvpd A3ZxZFm2gzd2xvP62blfXeRb4se3B/BlvR0dyKFnr76vKSG/PuOVmMUosL0Gsvnv FryvzJ/v9XAinnp0QADdKgrBhY6omPbCia1ic+S2JtcUomzCGLuSPZm1O5OV3kIL Q5Ujtg9w1RO9uo5hOyILA+kkFvLYfeu4vJcofrQsikUca13GQab4QwBGJJ3/AVPl V9bTrAa1na4wXPJCPzz+KB1q9JnmOvbbfkXxByECyOYOXL0WnQG3IKJi/AwKHlpC GpiwEWM+pZtxpfO67DIDIaBCKyChQRHEkLwLo31kA/gurdOzNloe6Hc60agysYqf bDdJqAqiSezs30k7Pi9toEUmMmc8pAAICTial0AWwByyzP84gNMyqgd++i+KSdya lYv1/z6mRNmRNrEMjTivSqeRVGzLzJoS0aeln11qQF5HajoEccloRAxNXH5kOxRm O0Y5nIR3r19wITGIerQisYKZzwwlk0kT0Pl8NjGeYsbAZydq5iLct66Uv8myXzhA 7zgxGw80Mhc0xVxzkYlNIOX9SYS5khCsAZrWEhUss9RdpvECf0hWx69Pt6xQ9nEH eo9jm+1zXK/Vvzl40iWT8YgsLLvn79GZ5cgL2uj30p3HMPStk3w= =/Vvw -----END PGP SIGNATURE-----