-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 18 Jan 2023 10:14:44 +0100 Source: glance Architecture: source Version: 2:21.0.0-2+deb11u1 Distribution: bullseye-security Urgency: medium Maintainer: Debian OpenStack <team+openstack@tracker.debian.org> Changed-By: Thomas Goirand <zigo@debian.org> Closes: 1029563 Changes: glance (2:21.0.0-2+deb11u1) bullseye-security; urgency=medium . * CVE-2022-47951: By supplying a specially created VMDK flat image which references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server resulting in unauthorized access to potentially sensitive data. Add upstream patch cve-2022-47951-glance-stable-victoria.patch (Closes: #1029563). Checksums-Sha1: a55a859e2366820084168fa126fb8e887120c8c9 3768 glance_21.0.0-2+deb11u1.dsc 5bc58570ac46747db867f53e6633bba8a68d2f0a 1471508 glance_21.0.0.orig.tar.xz c8ee1328ec0761ce296fe0fb83d1e7b4d11f25d2 18852 glance_21.0.0-2+deb11u1.debian.tar.xz ffbc487672efc487022e797d9a5f96536ad56882 18111 glance_21.0.0-2+deb11u1_amd64.buildinfo Checksums-Sha256: 738bf183334415d0c78e9546e1c395b225809bfa18b4fc800d6c37ab81ebbba2 3768 glance_21.0.0-2+deb11u1.dsc 7e9e96711ca27913cae31c0992a90edd4f572a66768162324ce8aa79ccc7820d 1471508 glance_21.0.0.orig.tar.xz 18312e8c4b194415b0a06a8419b3451f57b16a1f0e37fa4a8c376b2544b45e57 18852 glance_21.0.0-2+deb11u1.debian.tar.xz 264766a40f873ed3fae836c778652c0469d81845a30e676e75cf313483335d4d 18111 glance_21.0.0-2+deb11u1_amd64.buildinfo Files: 89ab7d0ac9486b299ce7125985186a0d 3768 net optional glance_21.0.0-2+deb11u1.dsc bef1454ed9865225181e6ec7df9b23ff 1471508 net optional glance_21.0.0.orig.tar.xz 0c1aceab581b54b7a88324cd5aba21a0 18852 net optional glance_21.0.0-2+deb11u1.debian.tar.xz fd037e53d5c991c0885fddb7d0a2419e 18111 net optional glance_21.0.0-2+deb11u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmPXv+kACgkQ1BatFaxr Q/5MRw/+PIR+Km+VwZXdTJPt72V7XaAlouB4nutToHm1TF93w5vshObfo44nSVQe CdBxbcPp8TdzsYM143KWzp2WVu2b/Wy2MNpvAtIvz5Pbqxbw4hX7RDBIW7hHR9cn JjlBL6tHrN7sZP+sPjQP4Lp9MoqevkSBtlimhrE5yBg+r+SEIwuos2P/m6oDoj7v Dwr5flg6gQ7OcpKz482dzn6fK5HaPB6Xf9QYaLL/5L0ZsDgxLAP5eiq/oLQvo6HU n+u1ipgDdOltFbIAttFp8+uBqKeOVXzpaAfSmQkjJQm5hpaj4DOCBM4bTYMii672 2SgfqTqFw9TYsiA4SvnJ6Iy3ll9m7/7bU4yADBdtlOWW9SZ+YxDooKlc5KWZQIPj P0W7pPitP1UcjqDwfJErX2odVSIbUL5W4Oln1jLBlLeK+OA5IjWayp41o/tTwCma UVKScs40mlp+NUsRkIxPrqWie6PEn1scn/L+aFk5uWWBBp5IRqvJdu3ikCcFJVBD 5mJYP6TZp9Rlsc7u1WvYKrCWxhqAOc99tyfj+v41E8VOLhNcn5NExtZTeF8K8j5d NqwkXhlVFlAHu6y4IbqUtSzluUJxYo7UbaLdLwAh7VpAGIe11/gSbEz1UG9LH8Ny uiD/O1AgzACmo1eEHS3gTWqOfHdK/sgbNy1vDNKNoTDs6vza1t4= =Y2Jg -----END PGP SIGNATURE-----
