-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 21 Jun 2024 09:19:56 +0200 Source: cinder Architecture: source Version: 2:21.3.1-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Debian OpenStack <team+openstack@tracker.debian.org> Changed-By: Thomas Goirand <zigo@debian.org> Closes: 1074763 Changes: cinder (2:21.3.1-1~deb12u1) bookworm-security; urgency=high . * New upstream release. * Drop CVE-2023-2088_Reject_unsafe_delete_attachment_calls.patch applied upstream. * Blacklist RBDISCSITestCase.test_unsupported_client_version(). * Add add-params-thin_provisioning-equal-one.patch. * CVE-2024-32498: Arbitrary file access through custom QCOW2 external data. Add upstream patch (Closes: #1074763): - cve-2024-32498-cinder-stable-2023.1.patch * Build-depends on qemu-utils. * Correctly calls manage_glance_api_servers() in config script. Checksums-Sha1: f1571dc5ed5def7e335624cf3c39185b7d0a87e1 4450 cinder_21.3.1-1~deb12u1.dsc b46d389cbe724b3f593646f2165f06f764da5cb4 4161296 cinder_21.3.1.orig.tar.xz 42c5333a820ddad3ff54098754a11a0292b480a9 67164 cinder_21.3.1-1~deb12u1.debian.tar.xz cac2ce00f55a75dedc0350a09f982c6c523d61c4 20669 cinder_21.3.1-1~deb12u1_amd64.buildinfo Checksums-Sha256: 43e962eadb1821e58a52e479b14e8b282c8877b4358bc9b8bbd3adf3784dd2f2 4450 cinder_21.3.1-1~deb12u1.dsc 11a30407dfe5167e0a96eee1e96d838b483c32d76eeb1274f68cb43290d5128d 4161296 cinder_21.3.1.orig.tar.xz fcfb8d4af0299c06d1ae715a36497e8712cd860a9b05cfa0242031468150a690 67164 cinder_21.3.1-1~deb12u1.debian.tar.xz 89b674d95f99818a41d678d9b4d939612dca593c3a77807e0ab2da86ff402a1b 20669 cinder_21.3.1-1~deb12u1_amd64.buildinfo Files: ec5779d2965d09ad0eb26b89371c1815 4450 net optional cinder_21.3.1-1~deb12u1.dsc 14aa8b46b946beec32ca38d13e196ce5 4161296 net optional cinder_21.3.1.orig.tar.xz 63cd23b24f3f3c93a5f876e1c78c23c9 67164 net optional cinder_21.3.1-1~deb12u1.debian.tar.xz 4ac46ffab712e4425a95d96de90d0bb4 20669 net optional cinder_21.3.1-1~deb12u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmbEkDEACgkQ1BatFaxr Q/6bMw/+Np6911V9sMOznX8p2VRKtsdJ1as/kNHeEw70YQFaE19dkT/D4HWGhkgW Ka8tf0TVNOrOB+Kc/1qlkyEanw8h16SgOK1RxjpbAFNfmZQQCbxftQGhqiUBHSEe 9aDDUfgI4rnx+372JmGC3kDbH+eUMLLfqWQootG0LpDeFkFRiFEuyWW6+mNWhw7D zKtQgs7JmzT0BzfwS2RdgRkltoSHkKHxfMSVJ8oiYNFhOfHx3yS1OBt9TBQL8fpT 6e2uOo7zRlo1qoN+aWaeYi6IoepNrtmeNmRACUTKA5qTHVbaqWApBJCvoRcpm7ob DZ9p3Uwj12021XPTSLrGl5w7o5556kJs751Q9ekXwC3ehWZhyOkswcjun4Q2pumA KCKGyukeJj20nbLTjoW713i6qTW7HIbXZRxJ59aoCgw5f1+UcnlYrXcukO2fnFJJ Oz8qo7areGldIbMUr3wGq9aPHJGusPibChSoFKP0NC5UjYW9/97JQe9Zb1RGeQRl m3zOVcfvCUUof9TghKdbRZB6UlReCuGb4k/FsC3k3S/wcgH7N9h66DdJPDjAPD5m Dv5fwR5Lbv9e2iFi2eKRX/xU9Un+JBYvPHPGYsbXmW4PIaLdbsnu331IVkEYHhHe +JmTa40E7YS2W1H13We6jRuThWVZeoPeizlN6wJb5Wq2tV/QgIY= =h3Sl -----END PGP SIGNATURE-----