This bug was fixed in the package cinder - 2:20.3.1-0ubuntu1.4~cloud0 --------------- cinder (2:20.3.1-0ubuntu1.4~cloud0) focal; urgency=medium . * SECURITY UPDATE for Ubuntu Cloud Archive. backport to focal. . cinder (2:20.3.1-0ubuntu1.4) jammy-security; urgency=medium . * SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data (LP: #2059809) - debian/patches/CVE-2024-32498.patch: check for external qcow2 data file. - debian/control: added qemu-utils to Build-Depends so qemu-img is available for new tests. - CVE-2024-32498 . cinder (2:20.3.1-0ubuntu1.2) jammy; urgency=medium . [ Jorge Merlino ] * Increase size of volume image metadata values to 65535 bytes (LP: #1988942) . [ Heather Lemon ] * Start cinder-volume.service after tgt.service started (LP: #1987663) - d/cinder-volume.service.conf: drop-in with 'After=' and 'Wants=' ('Wants=' is not generated by pkgos-gen-systemd-unit currently). - d/cinder-volume.install: ship the systemd service drop-in file. . [ Seyeong Kim ] * HPE3PAR: Failing to clone a volume having children (LP: #1994521): - d/p/0001-HPE-3PAR-Fix-umanaged-volumes-snapshots-missing.patch - d/p/0002-3PAR-Error-out-if-vol-cannot-be-converted-to-base.patch - api 4.0.17 is added as it is in the middle of the main patch (4.0.18) . cinder (2:20.3.1-0ubuntu1.1) jammy; urgency=medium . * Revert driver assisted volume retype (LP: #2019190): - d/p/0001-Revert-Driver-assisted-migration-on-retype-when-it-s.patch . cinder (2:20.3.1-0ubuntu1) jammy; urgency=medium . * New stable point release for OpenStack Yoga (LP: #2037332). . cinder (2:20.3.0-0ubuntu1) jammy; urgency=medium . * New stable point release for OpenStack Yoga (LP: #2025503). * d/p/CVE-2023-2088.patch: Dropped. Fixed in point release. . cinder (2:20.2.0-0ubuntu1.1) jammy-security; urgency=medium . * SECURITY UPDATE: Unauthorized File Access (LP: #2021980) - debian/patches/CVE-2023-2088.patch: Reject unsafe delete attachment calls. - CVE-2023-2088 . cinder (2:20.2.0-0ubuntu1) jammy; urgency=medium . * New stable point release for OpenStack Yoga (LP: #2019759). * d/p/lp1945500.patch: Dropped. Fixed in stable point release. . cinder (2:20.1.0-0ubuntu2.2) jammy-security; urgency=medium . * SECURITY REGRESSION: Regressions in other projects (LP: #2020111) - debian/patches/series: Do not apply CVE-2023-2088.patch until patches are ready for all upstream OpenStack projects. - CVE-2023-2088 . cinder (2:20.1.0-0ubuntu2.1) jammy-security; urgency=medium . * SECURITY UPDATE: Unauthorized File Access - debian/patches/CVE-2023-2088.patch: Reject unsafe delete attachment calls. - CVE-2023-2088 . cinder (2:20.1.0-0ubuntu2) jammy; urgency=medium . * d/p/lp1945500.patch: Filter reserved image properties (LP: #1945500). . cinder (2:20.1.0-0ubuntu1) jammy; urgency=medium . * New stable point release for OpenStack Yoga (LP: #2004030). . cinder (2:20.0.1-0ubuntu1) jammy; urgency=medium . * d/gbp.conf: Create stable/yoga branch. * New stable point release for OpenStack Yoga (LP: #1985084). . cinder (2:20.0.0-0ubuntu1) jammy; urgency=medium . * d/watch: Scope to 20.x. * New upstream release for OpenStack Yoga. * d/control: Align (Build-)Depends with upstream. . cinder (2:19.0.0+git2022030310.b49fb59a6-0ubuntu2) jammy; urgency=medium . * d/p/fix-qos-computation.patch: Cherry-pick from upstream review to fix TypeError exception when generating QOS feature name (LP: #1948507). . cinder (2:19.0.0+git2022030310.b49fb59a6-0ubuntu1) jammy; urgency=medium . * New upstream snapshot for OpenStack Yoga. . cinder (2:19.0.0+git2022011215.23494a6d6-0ubuntu1) jammy; urgency=medium . * New upstream snapshot for OpenStack Yoga. * d/control, d/rules: Bump debhelper compat to 13. . cinder (2:19.0.0+git2021120811.e5ef39604-0ubuntu2) jammy; urgency=medium . * d/t/control: Add allow-stderr restriction to prevent autopkgtest failure when SQLAlchemy issues a warning. . cinder (2:19.0.0+git2021120811.e5ef39604-0ubuntu1) jammy; urgency=medium . * New upstream snapshot for OpenStack Yoga. * d/control: Align (Build-)Depends with upstream. . cinder (2:19.0.0-0ubuntu2) impish; urgency=medium . * d/py3dist-overrides: Add SQLAlchemy to ensure d/control is not overridden. * d/control: Align (Build-)Depends with upstream. . cinder (2:19.0.0-0ubuntu1) impish; urgency=medium . * d/watch: Scope to 19.x. * New upstream release for OpenStack Xena. . cinder (2:19.0.0~b1+git2021091409.768b8996b-0ubuntu1) impish; urgency=medium . * New upstream snapshot for OpenStack Xena. . cinder (2:18.0.0+git2021072116.81f2aaeea-0ubuntu1) impish; urgency=medium . * New upstream snapshot for OpenStack Xena. * d/control: Align (Build-)Depends with upstream. . cinder (2:18.0.0+git2021061414.d5f0e5187-0ubuntu1) impish; urgency=medium . * New upstream snapshot for OpenStack Xena. * d/control: Align (Build-)Depends with upstream. . cinder (2:18.0.0-0ubuntu3) hirsute; urgency=medium . * d/p/skip-victoria-failures.patch: Restored and rebased. This is still necessary for Launchpad builds. . cinder (2:18.0.0-0ubuntu2) hirsute; urgency=medium . * d/p/skip-victoria-failures.patch: Dropped. Fixed upstream. * d/p/add-mock-psutil-in-quobyte-tests.patch: Dropped. Fixed upstream. . cinder (2:18.0.0-0ubuntu1) hirsute; urgency=medium . * New upstream release for OpenStack Wallaby. . cinder (2:18.0.0~b1-0ubuntu2) hirsute; urgency=medium . * d/py3dist-overrides: Add boto3 which is a Suggests. . cinder (2:18.0.0~b1-0ubuntu1) hirsute; urgency=medium . * d/watch: Track 18.x series. * New upstream milestone for OpenStack Wallaby. * d/control: Align (Build-)Depends with upstream. * d/p/skip-moto-tests.patch: Skip test dependency that is not yet packaged in Ubuntu and was added late in cycle. * d/p/patch-botocore-exceptions.patch: Account for changes to botocore vendored exceptions. . cinder (2:17.0.1+git2021012507.d26092348-0ubuntu3) hirsute; urgency=medium . * d/*: Remove tgt in favor of targetcli-fb. . cinder (2:17.0.1+git2021012507.d26092348-0ubuntu2) hirsute; urgency=medium . * d/p/add-mock-psutil-in-quobyte-tests.patch: Add a mock of psutil disk_partitions to fix failing unit test (LP: #1913607). . cinder (2:17.0.1+git2021012507.d26092348-0ubuntu1) hirsute; urgency=medium . * New upstream snapshot for OpenStack Wallaby. . cinder (2:17.0.1+git2021010614.a9c922ab7-0ubuntu1) hirsute; urgency=medium . * New upstream snapshot for OpenStack Wallaby. * d/control: Align (Build-)Depends with upstream. . cinder (2:17.0.1+git2020120911.d3ffa90ba-0ubuntu1) hirsute; urgency=medium . * New upstream snapshot for OpenStack Wallaby. * d/control: Align (Build-)Depends with upstream. . cinder (2:17.0.0-0ubuntu1) groovy; urgency=medium . * New upstream release for OpenStack Victoria. . cinder (2:17.0.0~rc2-0ubuntu1) groovy; urgency=medium . * d/control: Update VCS paths for move to lp:~ubuntu-openstack-dev. * d/watch: Track 17.x series. * New upstream release candidate for OpenStack Victoria. * d/control: Align (Build-)Depends with upstream. . cinder (2:17.0.0~b3~git2020091007.afcaf0b9d-0ubuntu3) groovy; urgency=medium . * d/py3dist-overrides: Add python3-zstd to py3dist-overrides. . cinder (2:17.0.0~b3~git2020091007.afcaf0b9d-0ubuntu2) groovy; urgency=medium . * d/p/skip-victoria-failures.patch: Restored to skip failing unit tests. . cinder (2:17.0.0~b3~git2020091007.afcaf0b9d-0ubuntu1) groovy; urgency=medium . * d/control: Remove Breaks/Replaces that are older than Focal (LP: #1878419). * New upstream snapshot for OpenStack Victoria. * d/control: Align (Build-)Depends with upstream. * d/p/*: Removed. Changes landed upstream and tests fixed. * d/control: Add new python3-zstd package to depends. . cinder (2:17.0.0~b2~git2020073012.2124f39f9-0ubuntu1) groovy; urgency=medium . * New upstream snapshot for OpenStack Victoria. * d/p/*: Refreshed. . cinder (2:17.0.0~b1~git2020062409.85fcf1057-0ubuntu1) groovy; urgency=medium . * SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure (LP: #1823200) - Remove VxFlex OS credentials from connection_properties. Passwords are now stored in separate file and are retrieved during each attach/detach operation. Cinder is patched in 16.1.0 stable point release. - d/control: Align (Build-)Depends with min version of python3-os-brick required to fix credential exposure. - CVE-2020-10755 * New upstream snapshot for OpenStack Victoria. * d/control: Align (Build-)Depends with upstream. * d/p/py38skip.patch: Dropped. No longer needed. * d/p/skip-victoria-failures.patch: Rebased and updated with upstream bug.