Format: 1.8
Date: Wed, 10 Jul 2024 23:49:31 +0200
Source: nova
Architecture: source
Version: 2:26.2.2-1~deb12u3
Distribution: bookworm-security
Urgency: high
Maintainer: Debian OpenStack
Changed-By: Thomas Goirand
Closes: 1076774
Changes:
 nova (2:26.2.2-1~deb12u3) bookworm-security; urgency=high
 .
   * CVE-2024-40767: Regression VMDK/qcow arbitrary file access
     (CVE-2024-32498) Applied upstream patches (Closes: #1076774):
     - CVE-2024-40767_1_port_format_inspector_tests_from_glance_antelope.patch
     - CVE-2024-40767_2_Reproduce_iso_regression_with_deep_format_inspection_antelope.patch
     - CVE-2024-40767_3_Add-iso-file-format-inspector_antelope.patch
     - CVE-2024-40767_4_Change-force_format-strategy-to-catch-mismatches_antelope.patch
   * Add qemu-utils as build-depends to run new tests.