Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted nova 2:29.0.2-4 (source) into unstable
Date: Tue, 23 Jul 2024 12:20:07 +0000
Signed by: Thomas Goirand <zigo@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 09 Jul 2024 03:54:55 +0200
Source: nova
Architecture: source
Version: 2:29.0.2-4
Distribution: unstable
Urgency: high
Maintainer: Debian OpenStack <team+openstack@tracker.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Closes: 1076774
Changes:
 nova (2:29.0.2-4) unstable; urgency=high
 .
   * Update CVE-2024-32498 patches from git.
   * CVE-2024-40767: Regression VMDK/qcow arbitrary file access (CVE-2024-32498)
     Added upstream patches (Closes: #1076774):
     - CVE-2024-40767_1_port_format_inspector_tests_from_glance.patch
     - CVE-2024-40767_2_Reproduce_iso_regression_with_deep_format_inspection.patch
     - CVE-2024-40767_3_Add-iso-file-format-inspector.patch
     - CVE-2024-40767_4_Change-force_format-strategy-to-catch-mismatches_caracal.patch
   * Add qemu-utils as build-depends to run above tests.
Checksums-Sha1:
 7a54e65fe51d8740754b3b15fdd354e7b64edf29 4797 nova_29.0.2-4.dsc
 638f1c3bb5177df4528d6505739639826824a4a4 87384 nova_29.0.2-4.debian.tar.xz
 d9c768fd7cab2335f9a94e07d666fb6a56859a48 24490 nova_29.0.2-4_amd64.buildinfo
Checksums-Sha256:
 36d08354ac596131ce5e87a99474f8d39bf90e200899ee186e022b216bc75cb4 4797 nova_29.0.2-4.dsc
 190bf091f0ee9f45ee227a24d84e9db1c2f618d8fd7dc57e08901d307a902fa2 87384 nova_29.0.2-4.debian.tar.xz
 29b81ab18f827ce439daabefe29719346b63eac3a05debd24fc432244a4e9bf2 24490 nova_29.0.2-4_amd64.buildinfo
Files:
 5ccc805480fd624d03eb16384eea2f56 4797 net optional nova_29.0.2-4.dsc
 a6a44d91c64a256feb2945a474af0565 87384 net optional nova_29.0.2-4.debian.tar.xz
 39fcf7886c4a17ab822053d19d851ff8 24490 net optional nova_29.0.2-4_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmafmsQACgkQ1BatFaxr
Q/7OOQ/9HZcKAP16/5H13QHAZl1RB9fWDjFUhqiQbJsFGgL6PJSQvqJ++f9UICQh
VRG3YqKgEUsktEIocuCdSU3J5oIvll1y3DjBqrRTnoZ7jEDq3v3ZTaTKJigs3fZi
/h9wAWcZCY7xb/GnwE5cV2/+8Mq9LHqfEm+ioZcU7UpEYsbxB5QONm0TFspakhK+
xE6DQM1HA0cc+01IKsiw14oEeB+cO9cS90UJCS7q6dqW6ggw4h7R6O9zaQ2Hboiw
9VPD8uizSkjHyqEK4mIh7AMeFnlp6EqsiSNCzE701SNtn419zLiAFXdbA7y1X9PB
qdrAL/3uExnpAn+mAc0Fo5pl+lDrN5FnE+VoxGYs6nq45bQmht5/jpKfGTCYgRcY
35FzK6NAjO8YC2Q8k4+6R4rwTFaa30qqrl5KD1kQIVORyfBMBMU1tJBD7S8IHEm0
9jP7QJvlazyUAlIj5OZemCUfCTvsfuV3g5rPKDedE4AHuKfmS6CN2T9fiAvbDrFF
hse8TMJNPjo5iCJrndqqm1k84AAkBKvOPXYns5dw7DpbzMsopf1mkZTPsAx9ALu5
orMnbLicKV3pYcGHR+8i/NSRGmt4Pgiyqouzxcq/LkMf3wXavxL/MNW2V2qSNS0P
ufxxBWm2RqucUUbsKpJFXEyYaOeAqXE2lsdrtUYb+EVodpfQbKQ=
=jYeH
-----END PGP SIGNATURE-----

News for package nova