-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 24 Jan 2023 11:31:25 +0100 Source: nova Architecture: source Version: 2:22.0.1-2+deb11u1 Distribution: bullseye-security Urgency: medium Maintainer: Debian OpenStack <team+openstack@tracker.debian.org> Changed-By: Thomas Goirand <zigo@debian.org> Closes: 1029561 Changes: nova (2:22.0.1-2+deb11u1) bullseye-security; urgency=medium . * CVE-2022-47951: By supplying a specially created VMDK flat image which references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server resulting in unauthorized access to potentially sensitive data. Add upstream patch cve-2022-47951-glance-stable-victoria.patch (Closes: #1029561). Checksums-Sha1: 5b34041838c39107c06f2c2811399bfe5561f5e2 5339 nova_22.0.1-2+deb11u1.dsc 00feb086c56c8df4d0d85c795e33878eea75766f 5900180 nova_22.0.1.orig.tar.xz 4ff38fb907f356732392adc21e8dbc18040535e2 62092 nova_22.0.1-2+deb11u1.debian.tar.xz 20f5ca56aefae0fd497b1e1c5f0417d5b6c23be9 23807 nova_22.0.1-2+deb11u1_amd64.buildinfo Checksums-Sha256: 7861752c0bcf3238e0751d838637098a4c3e75bf03687c6049e52de3cc42e9c1 5339 nova_22.0.1-2+deb11u1.dsc 8bfc2c8d721237ad67f2a15a2882f366f5423f30e2fda802b3234f4280c7a262 5900180 nova_22.0.1.orig.tar.xz 11f2390bfe1ba6bfa583ef95cee98f377848065104579adf849167d2204a1ea1 62092 nova_22.0.1-2+deb11u1.debian.tar.xz daa7b094ee50822b95d2801f57895815fb26602c40277d38cc821a0677a9a909 23807 nova_22.0.1-2+deb11u1_amd64.buildinfo Files: dab63cd1547e4b92150e7904a1008d7f 5339 net optional nova_22.0.1-2+deb11u1.dsc e797a3036ecf56bd964a3117004dfcb8 5900180 net optional nova_22.0.1.orig.tar.xz 9666f29b16bb260d4c7d0087773e68c3 62092 net optional nova_22.0.1-2+deb11u1.debian.tar.xz b80f62561804c16659e10efa4ddb9106 23807 net optional nova_22.0.1-2+deb11u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmPXwJMACgkQ1BatFaxr Q/5zgg/+PhvC0jk9mZdBuhQl1RtglBgALFD2NHbY36Z3kQgf3ZtZx/fZV2caH4F1 YBdroqbQjFelexW00MAGlUWQCJiby5cXz9lCFw5x8hyNVEvSlG4r5bG7YlHG0f2s 2IebsgS1PqD4pwGV1jd6h/zE1NZAQND9ElC/ZkcleDJHxZdZl60rLViO3dhn5Ljv jKSew9r7ZA7L+nRn7+7rDsqi6ypoo7CMhNuUzfe0AU9YawvGCbVTFmcG6NnMDK09 j1ZyhIECO7GRbkQpqv7Lv/O4ZV8sH86UqV4Ifu+26Cu3HMXFg7mmRW2DQDZQd3wi UIy3b6GRZ6itH4pEb0d2j7QxVUax2eFGE7+g3FShFz/EutxI5+DnHjE60SzUobZ9 xIygLeNBIQ9Zc9S3K/fs9aPeJNDF10rbrBag9aBMJwS9nwOJn9xgL4kVbEaxGvEF 2oIi5Hmco6SiNkrGH6Pvt1yHlltHVRcFCU2Cw8pmOFxsGR4XTXgnFQ6l7hVqhav4 CjendO9TYEGLomem1+WZsIrEBnHrKpriy4eQFQPr3rCXyWx0VEX8z8Lh41Y1miIw sQV+nm0GcR6w9io66XTpUS4WKuWDG2Jsh2bmvU+mSXlzaKlQZ8PsBpMTq7+oqxK9 HUG4GsV5+cMRxhi+tOtQ7O5OLa4JdEmn3s7v0NbGebNSl+Bj6rk= =H2jP -----END PGP SIGNATURE-----