Format: 1.8
Date: Thu, 19 Mar 2026 16:17:23 +0100
Source: glance
Architecture: source
Version: 2:31.0.0-3
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenStack <team+openstack@tracker.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Closes: 1131274
Changes:
 glance (2:31.0.0-3) unstable; urgency=medium
 .
   * Server-Side Request Forgery (SSRF) vulnerabilities in Glance image import.
     By use of HTTP redirects, an authenticated user can bypass URL validation
     checks and redirect to internal services. Add upstream patch:
     - OSSA-2026-004_Fix_SSRF_vulnerabilities_in_image_import_API.patch.
     (Closes: #1131274).