-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 01 Sep 2021 13:42:16 +0200 Source: neutron Architecture: source Version: 2:13.0.7+git.2021.09.27.bace3d1890-0+deb10u1 Distribution: buster-security Urgency: medium Maintainer: Debian OpenStack <team+openstack@tracker.debian.org> Changed-By: Thomas Goirand <zigo@debian.org> Closes: 993398 Changes: neutron (2:13.0.7+git.2021.09.27.bace3d1890-0+deb10u1) buster-security; urgency=medium . * New upstream point release. - CVE-2021-40085: By supplying a specially crafted extra_dhcp_opts value, an authenticated user may add arbitrary configuration to the dnsmasq process in order to crash the service, change parameters for other tenants sharing the same interface, or otherwise alter that daemon's behavior. This vulnerability may also be used to trigger a configuration parsing buffer overflow in versions of dnsmasq prior to 2.81, which could lead to remote code execution. All Neutron deployments are affected. (Closes: #993398) * Add Add_a_healthcheck_URL.patch. * Removed patches applied upstream: - rootwrap-fix-for-neutron-fwaas.patch - CVE-2019-10876_rocky_fix_KeyError_in_OVS_firewall.patch - CVE-2019-9735_When_converting_sg_rules_to_iptables_do_not_emit_d....patch * Refreshed multiple patches. * Add the neccessary debconf stuff to stop modifying config files on upgrades. * Add patch: - revert-call-install_ingress_direct_goto_flows_when_ovs_restarts.patch Checksums-Sha1: 6536b586ac694e30d4ca769b0fe897f3e7f01a19 5251 neutron_13.0.7+git.2021.09.27.bace3d1890-0+deb10u1.dsc 958e6b708cc70e763b587a9d9409f5f23673cfe3 9174612 neutron_13.0.7+git.2021.09.27.bace3d1890.orig.tar.xz 77afd432d1d696ba566a333072eb09c26ae89415 38612 neutron_13.0.7+git.2021.09.27.bace3d1890-0+deb10u1.debian.tar.xz c77df9d21684216dc42bba977590a52aa95e803f 20697 neutron_13.0.7+git.2021.09.27.bace3d1890-0+deb10u1_amd64.buildinfo Checksums-Sha256: d8b7d1fd81f3ebab6b7718a7dcd31ae9ea49e7e7266ad2eb6e3a6a41e500dd95 5251 neutron_13.0.7+git.2021.09.27.bace3d1890-0+deb10u1.dsc b093f7fdbc714ca42c2b13811ef5da12f6403a4280f20e48b487d104bc00ccc4 9174612 neutron_13.0.7+git.2021.09.27.bace3d1890.orig.tar.xz a1f3c6ec8f007dfc16aedc0bd254e5a8c22827f3da38b7ac8119a1836deb599c 38612 neutron_13.0.7+git.2021.09.27.bace3d1890-0+deb10u1.debian.tar.xz bf2c245520dbe5c2000217bf6a841bdfc9aaf2de8011b6f9f1ae785c91a52986 20697 neutron_13.0.7+git.2021.09.27.bace3d1890-0+deb10u1_amd64.buildinfo Files: 68097ae6582f9f09764cc20ae2b45917 5251 net optional neutron_13.0.7+git.2021.09.27.bace3d1890-0+deb10u1.dsc 140f94cdc98a32574456cf2cb605a6d9 9174612 net optional neutron_13.0.7+git.2021.09.27.bace3d1890.orig.tar.xz d1a582d7522310bf31e2153da45236c7 38612 net optional neutron_13.0.7+git.2021.09.27.bace3d1890-0+deb10u1.debian.tar.xz 9e52f7568ee6a8e65774f40ec3e3c7ca 20697 net optional neutron_13.0.7+git.2021.09.27.bace3d1890-0+deb10u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmFcZAAACgkQ1BatFaxr Q/6tmA/9ED1nuxeyYwQ3B68SS4gEZbsj8DxXVdip/L71KiGzZm3ePcjwYg7171C8 isRR68G9XNmRnGWxbw8TsL9B26mdrxULpGUmTXs147ljfejz38z5hjvDcLbB+ycH XZeTNX57ZabCTulIKF158F3v5H5wrWl9yt2j1/oltVYcP1ckL+NJy6CgRwnf6BRv FzCea4TNmvgOuwGgdmC+kkdh5IpFMx0uJUHo8yiFsAw3bpEvqsF4wmZeHViujVAv wdmyi5l535kT2r8fq9VcidfCGB0UiY3hgE5iOPj8MutmXXvu+gh1j1tq72aLt9Pn iP+DYDBeeHBcSawhW0TNYYEqdkGSCh8GqgSy7fbbzEaUIzayomQdVsXj7YhbOZmV ZFgcwbtsaRufA2ncD5NGPfFwyZ2Pu6342IeL5+5FnIqvMgPmyvYQKNzzXYRL6CO4 8YYzKRnZJxXMkkNiic4dCpii5V21DqdNGgLBGrtpOwodTi4sELwyPTuc4NHz5L2G e6c/Iu4/+qQZSpAOUUMBwWzOaKvC/AffTKNk30/PI7DlFnfZbROs/LFKmL8yRpz3 lKl7yoSkNXTTQM0UTpY56rd6t1JfbqzvKwd2rJO0m6Ixfk+4TrN+CdxsgJPL7WxD 51K3/ctSb43MTXMJyuSHkfHX5dAVzVt7HlymIbMJotjeP+11npA= =Yg0E -----END PGP SIGNATURE-----