-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 21 Jun 2024 10:38:56 +0200 Source: glance Architecture: source Version: 2:25.1.0-2+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Debian OpenStack <team+openstack@tracker.debian.org> Changed-By: Thomas Goirand <zigo@debian.org> Closes: 1074761 Changes: glance (2:25.1.0-2+deb12u1) bookworm-security; urgency=high . * CVE-2024-32498: Arbitrary file access through custom QCOW2 external data. Add upstream patch (Closes: #1074761): - CVE-2024-32498_1_Limit_CaptureRegion_sizes_in_format_inspector_for_VMDK_and_VHDX.patch - CVE-2024-32498_2_Support_Stream_Optimized_VMDKs.patch - CVE-2024-32498_3_1_glance-stable-2023.1.patch - CVE-2024-32498_3_2_glance-stable-2023.1.patch - CVE-2024-32498_3_3_glance-stable-2023.1.patch - CVE-2024-32498_3_4_glance-stable-2023.1.patch - CVE-2024-32498_3_5_glance-stable-2023.1.patch - CVE-2024-32498_3_6_glance-stable-2023.1.patch - CVE-2024-32498_3_7_glance-stable-2023.1.patch Checksums-Sha1: 936f491b51756914ecbb69f26d9d3c3cdc5aeaa5 3829 glance_25.1.0-2+deb12u1.dsc 26e73a82389323bec8bc203b298c23ae46c6dc12 1504620 glance_25.1.0.orig.tar.xz 3e5093da9435419ed6d909b01de7f82dd09067b0 31044 glance_25.1.0-2+deb12u1.debian.tar.xz 06d987d60636b04e0ddb64a7bb55cce021f452db 19110 glance_25.1.0-2+deb12u1_amd64.buildinfo Checksums-Sha256: 7f28e6a54f44845d7b8257198ca45bcec9a957867ee4e9a0387ff9970e52dc4b 3829 glance_25.1.0-2+deb12u1.dsc d90dc2acf25282337cf0394abd025bb6a35aa339beb920817eab70465ff3e119 1504620 glance_25.1.0.orig.tar.xz 7c3d97fdae84dd3e31b5ae41201dacfcb705324781557e7c72dfb8cccc29b6df 31044 glance_25.1.0-2+deb12u1.debian.tar.xz 5e0f52521883da3017904abef9a7ecd92355d6a79ccee421589a9c72e9caa76b 19110 glance_25.1.0-2+deb12u1_amd64.buildinfo Files: 161d2545294165e4bac8fbfca9bbab1e 3829 net optional glance_25.1.0-2+deb12u1.dsc 6dbe10c1a179ad92f1b97cf0375ace95 1504620 net optional glance_25.1.0.orig.tar.xz a43cfd5763f024aaa021b2b6c6d1ea23 31044 net optional glance_25.1.0-2+deb12u1.debian.tar.xz e8d707c6568e3f200e9a6520f0a251db 19110 net optional glance_25.1.0-2+deb12u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmbEkVYACgkQ1BatFaxr Q/71cQ//QZ4X5YAoXjFSDnrVD7685PHlSD4kzVd+DGsK8syTi3tFWcTr69P/x1OH BLKhLTYpS6xqv/bW9v13IfJCqKNjKMK2YA7Kl3CsPaDqkJadAkRrGEaPtOADHCkg S6pf15RpWSSwD6mP9njIFWwdh8PHhLv3iTdpVMQzPdt0ahxCITLxxLNHqLm0o359 fOQZOAL5iEzqSWwkFCxoL/joyqoe7cTeFye0RmEj064RVkYy57X0k8entCsifQFl VWfVMwsVzB0NTGpWXdhnsmQo8F2O0JPiA1LMbC3V5Zmq/HwMzK1729rAj2KqabCI WSRmGdRpjbPj2N0bhXTyw/PD6mT/egiH7v0RQBzSHlQqyhu2UqMWELNfjrH5tLP/ QrhIAhtg/UKfnPu46kRC+vb7fedbUXWgjDcsAsJ4t8Z4axf/Gn2PzekZB1QlOk0l gQTZUvnK5AEdtUvZuXXvlFXT+2DVbRf/nTqVMS8lHIHU/7ju+cxPCDezD0JDbKwe mOYGl7Ck6N//A0KFqeprklX3tfS/z2JcBkCXWmdrDo/MmnBcmPIlUi41ikr2ft4d EtLwOhAchC23Xef0UeXN8bZ5h1hFObpSHc8ytM9+wKz67M/eARDSqeQpMkXabvPc M7gKA8yH//SXsjLmRtspcc9V9UJik7HgKOUX0Jr5bzaZF6WsFBw= =/9CD -----END PGP SIGNATURE-----