Format: 1.8
Date: Tue, 24 Jan 2023 16:51:31 +0100
Source: glance
Architecture: source
Version: 2:25.0.0-2
Distribution: unstable
Urgency: high
Maintainer: Debian OpenStack <team+openstack@tracker.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Closes: 1029563
Changes:
 glance (2:25.0.0-2) unstable; urgency=high
 .
   * CVE-2022-47951: vulnerability in VMDK image processing. By supplying a
     specially created VMDK flat image which references a specific backing
     file path, an authenticated user may convince systems to return a copy
     of that file's contents from the server resulting in unauthorized
     access to potentially sensitive data. Added upstream patch:
     CVE-2022-47951-Enforce_image_safety_during_image_conversion.patch
     (Closes: #1029563).