Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted glance 2:28.0.1-3+deb12u1 (source) into unstable
Date: Tue, 02 Jul 2024 15:19:05 +0000
Signed by: Thomas Goirand <zigo@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 21 Jun 2024 09:35:02 +0200
Source: glance
Architecture: source
Version: 2:28.0.1-3+deb12u1
Distribution: unstable
Urgency: high
Maintainer: Debian OpenStack <team+openstack@tracker.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Closes: 1074761
Changes:
 glance (2:28.0.1-3+deb12u1) unstable; urgency=high
 .
   * CVE-2024-32498: Arbitrary file access through custom QCOW2 external data.
     Add upstream patch (Closes: #1074761):
     - CVE-2024-32498_1_1_glance-stable-2024.1.patch
     - CVE-2024-32498_1_2_glance-stable-2024.1.patch
     - CVE-2024-32498_1_3_glance-stable-2024.1.patch
     - CVE-2024-32498_1_4_glance-stable-2024.1.patch
     - CVE-2024-32498_1_5_glance-stable-2024.1.patch
     - CVE-2024-32498_1_6_glance-stable-2024.1.patch
     - CVE-2024-32498_1_7_glance-stable-2024.1.patch
Checksums-Sha1:
 288a585b099fb6bb2d47b949d64e1edb3184f085 3769 glance_28.0.1-3+deb12u1.dsc
 220d4f9e62f3da625f3f0d332ff42117f0f0e90e 28028 glance_28.0.1-3+deb12u1.debian.tar.xz
 0f73fc2459fa76c3601d087a608168a811204b34 19410 glance_28.0.1-3+deb12u1_amd64.buildinfo
Checksums-Sha256:
 8ef2709c3a5bb7aee92c00e680d25c08398f0648ca02a3407c124aca16818833 3769 glance_28.0.1-3+deb12u1.dsc
 39d080772bf21519e2d1602a2dfc91e15f5a2ef7d5fec69a5781a13ceaf1b672 28028 glance_28.0.1-3+deb12u1.debian.tar.xz
 fa3809b74456316445674965e2860742fb32fd0b95a6ec639858f52facbcb356 19410 glance_28.0.1-3+deb12u1_amd64.buildinfo
Files:
 d3f7e9b9160ff4583c3586e814c383f9 3769 net optional glance_28.0.1-3+deb12u1.dsc
 e0d93830cb3c6a2fb0a592333cf93c3b 28028 net optional glance_28.0.1-3+deb12u1.debian.tar.xz
 3bdba3c0895e1f1566da9d1abe086757 19410 net optional glance_28.0.1-3+deb12u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmaEFnAACgkQ1BatFaxr
Q/5T/BAAgXTdUOismaegXqpXvAQJhN+d9q2C7vY1UVHHWH24fezrz6TYq/HUPVVU
dAXgehiHoAa6hjunKx6mhWUbqcclDewDFnaE4oVNLTp1JO7TYcRu2P8i1FgIqsVa
wgVahmdTlumTGLectefLINTO4bLVZQM+m1tVyPU6rzq6yCh22riQKS24nD1iPBtC
4V/fOHolgaeAMUi65Wf6JdihAM4/IWprCAzDAjBEMLSphOCxAKyklzkbRN014QG1
Je34X0Fixl8vAancl4AKITf9KMKLYM/x3SfotSbCOk17wbCdg1MK+XO87dWooXM8
k8yp86CaGHiM/L+a1xvbcbBgaeRRYt8m4Daqg28d67rRlrePlw5r+RdxDWJUBojY
WuYfBvtRZWqhsOzAsgzdu1iv8NTWrIj1s8dDBi5iWPWAvaMhwh3Z7sMzXY4ogdcO
o313jTpki6ck/hIujJpTAFJLpnLmihiztlh6dlKuANnNkmMu8Wks8RMMp5XbH5uz
lWdFtvtwOFjzA6j0FjrWAONbMJc+NB808AT4akR8hpmOBoN9znsesQ8oh4ScR1DR
ab2JIkFvTwb6OozzbHMs2qbZiWjO5V22TmoCdlfU4F8uSRt+39zGT0ACMw5ITs+y
lKVOMVM2v5K/8X7UZkxOQP/3lYXgZwYucasr4udYuNxgLRHy0IA=
=1/l/
-----END PGP SIGNATURE-----

News for package glance