Marked for autoremoval on 26 February due to gloox: #919196high
Version 2:13.0.1-5 of cinder is marked for autoremoval from testing on Tue 26 Feb 2019. It depends (transitively) on gloox, affected by #919196. You should try to prevent the removal by fixing these RC bugs.
Problems while searching for a new upstream version
high
uscan had problems while searching for a new upstream version:
malformed opts=... in watch file, skipping line:
"uversionmangle=s/\.(b|rc)/~$1/",dversionmangle=s/\+dfsg\d+$// https://github.com/openstack/cinder/tags .*/(\d[\d\.]+)\.tar\.gz
CVE-2015-5162: The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.
CVE-2017-15139: A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.
Please fix it.
Standards version of the package is outdated.
wishlist
The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.3.0 instead of
4.1.3).
![[bug history graph]](https://qa.debian.org/data/bts/graphs/c/cinder.png){kind=link}