-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 21 Jun 2024 10:38:56 +0200 Source: glance Binary: glance glance-api glance-common glance-doc python3-glance Architecture: all Version: 2:25.1.0-2+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: all Build Daemon (x86-csail-02) Changed-By: Thomas Goirand Description: glance - OpenStack Image Registry and Delivery Service - Daemons glance-api - OpenStack Image Registry and Delivery Service - API server glance-common - OpenStack Image Registry and Delivery Service - common files glance-doc - OpenStack Image Registry and Delivery Service - Documentation python3-glance - OpenStack Image Registry and Delivery Service - Python library Closes: 1074761 Changes: glance (2:25.1.0-2+deb12u1) bookworm-security; urgency=high . * CVE-2024-32498: Arbitrary file access through custom QCOW2 external data. Add upstream patch (Closes: #1074761): - CVE-2024-32498_1_Limit_CaptureRegion_sizes_in_format_inspector_for_VMDK_and_VHDX.patch - CVE-2024-32498_2_Support_Stream_Optimized_VMDKs.patch - CVE-2024-32498_3_1_glance-stable-2023.1.patch - CVE-2024-32498_3_2_glance-stable-2023.1.patch - CVE-2024-32498_3_3_glance-stable-2023.1.patch - CVE-2024-32498_3_4_glance-stable-2023.1.patch - CVE-2024-32498_3_5_glance-stable-2023.1.patch - CVE-2024-32498_3_6_glance-stable-2023.1.patch - CVE-2024-32498_3_7_glance-stable-2023.1.patch Checksums-Sha1: 12fc143141db46b72d83da365d938dcfe93b0ffe 37540 glance-api_25.1.0-2+deb12u1_all.deb 63f76997492a57de0f4d931e96dec23c51e4f8e3 93052 glance-common_25.1.0-2+deb12u1_all.deb 9d091b49ff5c936c788154e49d6af137c2ee447d 2406872 glance-doc_25.1.0-2+deb12u1_all.deb 4694bb4a9afa98e0596caece04b157583b21fc72 18505 glance_25.1.0-2+deb12u1_all-buildd.buildinfo b943397fd925714cd5bbdf37fff195dbb9f5e7ed 4588 glance_25.1.0-2+deb12u1_all.deb 7e3cc2e8f3caa3bce275410590c5df693517911b 444776 python3-glance_25.1.0-2+deb12u1_all.deb Checksums-Sha256: 98764556cac83e812425791f7729d509b6bf906df6a3b62fe00e61e9f7bf5ce9 37540 glance-api_25.1.0-2+deb12u1_all.deb ddf82565e10cbcfe78868037fafb8178367888d2967fe87984561f9fe4a73327 93052 glance-common_25.1.0-2+deb12u1_all.deb 78089103909217930a3d901accaa923fdb320aa172d588e3cb0dec64187cdf03 2406872 glance-doc_25.1.0-2+deb12u1_all.deb f995f03dee3def1b483cbf2b0534d343aea5af61ce0b2bc4a2113cf1e9e50bab 18505 glance_25.1.0-2+deb12u1_all-buildd.buildinfo a3030acd1531b10ea435c53ceddc8a6563f4c2d670c4d9e77c36c54d294a5b3c 4588 glance_25.1.0-2+deb12u1_all.deb eb3e74e9cdb5a1b3376907f2d7884b2284725d1e5614c71f7c9cefe14add56f0 444776 python3-glance_25.1.0-2+deb12u1_all.deb Files: 6481d946d78c6d12fc3839df944e7896 37540 net optional glance-api_25.1.0-2+deb12u1_all.deb 3e4ed868fe3e04b559183fbec085ee7b 93052 net optional glance-common_25.1.0-2+deb12u1_all.deb 6227da20df052a692f0b6b773850225b 2406872 doc optional glance-doc_25.1.0-2+deb12u1_all.deb fac6f97656603715e60a456b31eb921f 18505 net optional glance_25.1.0-2+deb12u1_all-buildd.buildinfo bccd7fe8184ca9f33dc9adc3fc3533f4 4588 net optional glance_25.1.0-2+deb12u1_all.deb d08024df6612d7dc6a63936672b07fd1 444776 python optional python3-glance_25.1.0-2+deb12u1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEzcbx6nIE/ydHa1FFigL77i1GSVkFAmbEmmYACgkQigL77i1G SVn9hBAAib52ysnlw0hVTK7NeJhwkN0ON/tdrUit9+wr78WLEyiEKX8PGVWn3dcd zVljbCg8jIdS8GmVWnlSpQg2qBbP9JbfugE/rHF/ynvf+JJ5OASiNiVgN1wKtt9l qHUmkrIjalRZOWc37GJ8P3et2BdxvhKcOEdiDf0MrNmcrXSp0gApi/8aSCl07ydF 4t7VpTpuToc7rb5ruCL1wXLE7fTgilhkfXHEsEweHCseUNhWCXVdnS2miNx5qrrm eJfmdJPEB4ye0nY/3d9IQFpHvLSv2nOMgJEVaixUSiz71iUDjSky5yhToXgUSGv7 8UfqOqR51N65VNSlPnNH4BuAhLx1R5x14rEJNGljgoh/HmFU0/y5k+zj4LW4lFZ2 7/RIF7MdM1mQIWa/2z35JT931bfaSQ4RNO/R1/Wy5zv9+t9r0mQdNqrEcrPNi3le bStb79U3WeL5adC7JawuW3gU11BjbY1P2L2hopoqKTD40aVFoYbIeuV46CfqnEgr +Dha1uYrO3NVhY2CUu1PHym+z0Khq+SrJ1FtisJ6bk70HXDILsyRcPueXgaxTEBC rZxgsoj+FRsw/COtVsXBkfkvsYTHFwlayKckidM0wjynU9gi/+c4aKqlkPhbmsm0 Zinb+gh/StfoRYwz0UP6bkXTP7WHWu+6tY0s3/q2+4Zb+GWsdLU= =dGJY -----END PGP SIGNATURE-----