Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-experimental-changes@lists.debian.org> , <debian-devel-changes@lists.debian.org>
Subject: Accepted glance 2:32.0.0~rc1-3 (source) into experimental
Date: Thu, 19 Mar 2026 16:19:29 +0000
Signed by: Thomas Goirand <zigo@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 19 Mar 2026 16:05:37 +0100
Source: glance
Architecture: source
Version: 2:32.0.0~rc1-3
Distribution: experimental
Urgency: medium
Maintainer: Debian OpenStack <team+openstack@tracker.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Closes: 1131274
Changes:
 glance (2:32.0.0~rc1-3) experimental; urgency=medium
 .
   * Server-Side Request Forgery (SSRF) vulnerabilities in Glance image import.
     By use of HTTP redirects, an authenticated user can bypass URL validation
     checks and redirect to internal services. Add upstream patch:
     - OSSA-2026-004_Fix_SSRF_vulnerabilities_in_image_import_API.patch.
     (Closes: #1131274).
Checksums-Sha1:
 b19a9dff14ffbc6a4d3d37ca164ce507c2e6f0aa 3735 glance_32.0.0~rc1-3.dsc
 1ab327b5081dbf6ca9c916ea8f1ba4b7354c90a6 27916 glance_32.0.0~rc1-3.debian.tar.xz
 38a024a66ffeb9f90893ef76fffaeafafae875d3 19150 glance_32.0.0~rc1-3_amd64.buildinfo
Checksums-Sha256:
 9efaeba18d61c6dcf25cd316bb227d498d487530be70c568ed5097324543a83a 3735 glance_32.0.0~rc1-3.dsc
 cf1aa9f5e3e0abf760cc2deab8a4e99eb9100a27f466c601bbae770667849390 27916 glance_32.0.0~rc1-3.debian.tar.xz
 9ec5624f16fbbf8fa7b024a5ccdf0d953056dd44300bbfcc63e3ce86f8d73f53 19150 glance_32.0.0~rc1-3_amd64.buildinfo
Files:
 713160c7141fdf357f50c272fd5e7186 3735 net optional glance_32.0.0~rc1-3.dsc
 0761e4447ddc832a4fdb27fa68248c2f 27916 net optional glance_32.0.0~rc1-3.debian.tar.xz
 7d73fb1eae80cefa54545dd33b515fca 19150 net optional glance_32.0.0~rc1-3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmm8HKwACgkQ1BatFaxr
Q/4OCQ//UMo8nEfE2FNEXb5FWXzG1+LgZ8yt6UZwW4e85O+XL+JM2xNTDMDXE8Em
9dZwavEYvTE2RKN60+57EuK3xeLq5wI1F5/kAhyhQmyh8htNoZ/AVOGMDK1bUmBx
NjALp5humtAiLiVRM2X6Hdx91CLswwIs7kbFAZ6gy/JdqR1JypOa/dHjCInMwLWX
J4ke3HX0SS0vsiknRoT2nV6e1ZNhjJ1t4eToORQ/O86VQ0cG9MeeJkDyumbxBCe2
HT/YMicVZEfa+iVyAT/CREzcHeuZNKynDuU6heGMfhNaytXvXztuW/fl97WGYDPm
/nFqThv5113/o+IQwRfYbkhvoth1r6X2xr61PcdxMdpTrwZe31WwboqHNMpNyYF+
pfAVT5Pc068RUCU5YTDxCaV0LpeZTaDXnUxyEifqAy/EQ86Jrh/dWTEcWVpnwOem
x0YBUWYQTZ9TlkT0cJKLEMMlGXMEZXOrQP7Vy/tiENA6HPbSKBtXsm5pIFO2fh6L
YitW6Itx6mN/vWEIziEC7mphCkaKvyC6bbwo5uaX2o3pcnHVNDFCxV34ZozC080h
kH2HCLGSVb07ZfD2rBqFY+ORQUvVWDd8VIGvRkeHjF2Dvbdqj+dECVKr+1PSEZgR
4USREWNrnPEcLIsieiCCxXRJLWpxZ91yC2I07gZyUBz2VgiHKxE=
=tuCx
-----END PGP SIGNATURE-----

News for package glance