Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted cinder 2:21.0.0-3 (source) into unstable
Date: Tue, 24 Jan 2023 17:05:54 +0000
Signed by: Thomas Goirand <zigo@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 24 Jan 2023 17:19:39 +0100
Source: cinder
Architecture: source
Version: 2:21.0.0-3
Distribution: unstable
Urgency: high
Maintainer: Debian OpenStack <team+openstack@tracker.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Closes: 1029562
Changes:
 cinder (2:21.0.0-3) unstable; urgency=high
 .
   * CVE-2022-47951: By supplying a specially created VMDK flat image which
     references a specific backing file path, an authenticated user may convince
     systems to return a copy of that file's contents from the server resulting
     in unauthorized access to potentially sensitive data. Add upstream patch
     CVE-2022-47951_Check_VMDK_subformat_against_an_allowed_list.patch
     (Closes: #1029562).
Checksums-Sha1:
 ff9fae0e04f0f99aa8d88f627b2022b4fb3ddf32 4396 cinder_21.0.0-3.dsc
 d9db718bc3602928f27dcb8c834476547914b876 55472 cinder_21.0.0-3.debian.tar.xz
 2a9de52658f4bd89432024a6ac6cb61b170c12d9 19923 cinder_21.0.0-3_amd64.buildinfo
Checksums-Sha256:
 ce11d02c81c3c4b719516709e726c52a30eb97e30fb9b39a0f9614a1b67a54c3 4396 cinder_21.0.0-3.dsc
 bb8effedcaddb3a9dc041800e8ac50da9332a49212996d51a4c0ec24bbffbe92 55472 cinder_21.0.0-3.debian.tar.xz
 340b8ebdcdece6fb23e2a86ff91d7fa1b4dbace8c0b043a082754f6ab7f73cea 19923 cinder_21.0.0-3_amd64.buildinfo
Files:
 bab02674d7045d2422acdc8ed57d8b12 4396 net optional cinder_21.0.0-3.dsc
 9bc3fcf59e4a74524344791e6a2e1014 55472 net optional cinder_21.0.0-3.debian.tar.xz
 0b3daad95a7e2056b16e43050ea5704f 19923 net optional cinder_21.0.0-3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmPQCQQACgkQ1BatFaxr
Q/52XQ/9ENsx/BfAxqJtwD2xeHPSNN41D7XziZTlw2Mu53z9Ml5G+RhY0tJxfMIS
wlmxVcg47vqLUV3gRjKmG9p61ML1XylLZABmP1O/a1d3PDWZW4MlQvXhhchSkaAJ
2w7XN0GLWjpK/brCjUuHQU06/asso7hL1YNow/6x2XASl0OupVHHC2EJBBlIOPtm
tC8H/w6ACTohLDUPkCTVrTW7aj1zKXz4Hhoel5McjohVwIeaT15Nu7iIIGoeFgSG
ysiKH8oBjDsKUPj81KLOW8JLhv+PcTyuiAonxSaafPEmS8bysGtQue9tEOVb7Y2T
0koJ4aAEm8zqt95ugoZ/DAt8QqR0k39X1eSSxfOkG/ZN1kwb/hgDrj5DkG72LbjM
HVKuJpilfyC+0dDNU3H1GeQqs/4/t99gHzE9EAPaatlM5k2atAmovHp2o4DOdrwy
Cd6FyUxY1Gv2ZrTNKJkp5f5cyhaabGc02yke5oT/eDFqaOB3uAV+gJedlTWtcQTE
SXE3qzli0trYQJcNyEDAqyu/dmkdwGhrcBZ3B3TdIsTpc1uLDeP3qEDUdl+fGbWT
YQfYtbDb5vWIxSdNXXFHG34QW9UAg41QyVQB/9giRgK/5yS+JUx/m1/M3Se51NiI
rQh5pzeJOOI+kjiE2IwPrNtdpuwzC6eNkrvs8euF6KdHFrlZ958=
=rdSP
-----END PGP SIGNATURE-----

News for package cinder