This bug was fixed in the package nova - 3:25.2.1-0ubuntu2.3~cloud0 --------------- nova (3:25.2.1-0ubuntu2.3~cloud0) focal; urgency=medium . * SECURITY UPDATE for Ubuntu Cloud Archive. backport to focal. . nova (3:25.2.1-0ubuntu2.3) jammy-security; urgency=medium . * SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data (LP: #2059809) - debian/patches/CVE-2024-32498-pre1.patch: consolidate create_cow_image and create_image. - debian/patches/CVE-2024-32498-1.patch: reject qcow files with data-file attributes. - debian/patches/CVE-2024-32498-2.patch: check images with format_inspector for safety. - debian/patches/CVE-2024-32498-3.patch: additional qemu safety checking on base images. - debian/patches/CVE-2024-32498-4.patch: fix vmdk_allowed_types checking. - CVE-2024-32498 . nova (3:25.2.1-0ubuntu2) jammy; urgency=medium . * d/p/libvirt-remove-default-cputune-shares-value.patch: Enable launch of instances with more than 9 CPUs on Jammy (LP: #1978489). . nova (3:25.2.1-0ubuntu1) jammy; urgency=medium . * New stable point release for OpenStack Yoga (LP: #2037332). . nova (3:25.2.0-0ubuntu1) jammy; urgency=medium . * New stable point release for OpenStack Yoga (LP: #2025503). * d/p/CVE-2023-2088-*.patch: Dropped. Fixed in point release. . nova (3:25.1.1-0ubuntu1.1) jammy-security; urgency=medium . * SECURITY UPDATE: Unauthorized File Access (LP: #2021980) - debian/patches/CVE-2023-2088-1.patch: Use force=True for os-brick disconnect during delete. - debian/patches/CVE-2023-2088-2.patch: Enable use of service user token with admin context. - CVE-2023-2088 . nova (3:25.1.1-0ubuntu1) jammy; urgency=medium . * New stable point release for OpenStack Yoga (LP: #2019759). * d/p/ignore-deleted-server-groups-in-validation.patch: Dropped. Fixed in stable point release. . nova (3:25.1.0-0ubuntu2.2) jammy-security; urgency=medium . * SECURITY REGRESSION: Regressions in other projects (LP: #2020111) - debian/patches/series: Do not apply CVE-2023-2088.patch until patches are ready for all upstream OpenStack projects. - CVE-2023-2088 . nova (3:25.1.0-0ubuntu2.1) jammy-security; urgency=medium . * SECURITY UPDATE: Unauthorized File Access - debian/patches/CVE-2023-2088.patch: Use force=True for os-brick disconnect during delete. - CVE-2023-2088 . nova (3:25.1.0-0ubuntu2) jammy; urgency=medium . * Backport fix to ignore deleted server groups (LP: #1890244) d/p/ignore-deleted-server-groups-in-validation.patch . nova (3:25.1.0-0ubuntu1) jammy; urgency=medium . * New stable point release for OpenStack Yoga (LP: #2004030). . nova (3:25.0.1-0ubuntu1) jammy; urgency=medium . * New stable point release for OpenStack Yoga (LP: #1980369). . nova (3:25.0.0-0ubuntu1.1) jammy; urgency=medium . [ Corey Bryant ] * d/gbp.conf: Create stable/yoga branch. . [ Felipe Reyes ] * d/nova-common.postinst: Don't change file permissions under /var/lib/nova/.ssh (LP: #1904580). . nova (3:25.0.0-0ubuntu1) jammy; urgency=medium . * d/watch: Scope to 25.x series * New upstream release for OpenStack Yoga. . nova (3:24.0.0+git2022030310.3f274c65cc-0ubuntu2) jammy; urgency=medium . * d/control: Drop min version of python3-testtools to 2.4.0. . nova (3:24.0.0+git2022030310.3f274c65cc-0ubuntu1) jammy; urgency=medium . * New upstream snapshot for OpenStack Yoga. * d/control: Align (Build-)Depends with upstream. . nova (3:24.0.0+git2022011217.ea3945f71c-0ubuntu1) jammy; urgency=medium . * New upstream snapshot for OpenStack Yoga. * d/control, d/rules: Bump debhelper compat to 13. . nova (3:24.0.0+git2021120815.755aa11e0c-0ubuntu1) jammy; urgency=medium . * New upstream snapshot for OpenStack Yoga. * d/control: Align (Build-)Depends with upstream. . nova (3:24.0.0-0ubuntu1) impish; urgency=medium . * d/watch: Scope to 24.x series * New upstream release for OpenStack Xena. . nova (3:23.0.2+git2021090912.edaaa97d99-0ubuntu1) impish; urgency=medium . * New upstream snapshot for OpenStack Xena. * d/control: Align (Build-)Depends with upstream. * d/p/arm-console-patch.patch: Rebased. . nova (3:23.0.2+git2021072117.3545356ae3-0ubuntu1) impish; urgency=medium . * New upstream snapshot for OpenStack Xena. * d/control: Align (Build-)Depends with upstream. . nova (3:23.0.1+git2021061405.052cf96358-0ubuntu2) impish; urgency=medium . * d/nova-compute-ironic.conf: Use the correct compute_driver for ironic (LP: #1934533). * d/t/nova-compute-daemons: Add nova-compute-ironic to test. . nova (3:23.0.1+git2021061405.052cf96358-0ubuntu1) impish; urgency=medium . * New upstream snapshot for OpenStack Xena. * d/control: Align (Build-)Depends with upstream. . nova (3:23.0.0-0ubuntu1) hirsute; urgency=medium . * New upstream release for OpenStack Wallaby. . nova (3:23.0.0~rc2-0ubuntu1) hirsute; urgency=medium . * New upstream release candidate for OpenStack Wallaby. * d/control: Align (Build-)Depends with upstream. . nova (3:23.0.0~rc1-0ubuntu1) hirsute; urgency=medium . * d/control: Remove unnecessary dh-systemd Build-Depend * d/watch: Scope to 23.x series * New upstream release candidate for OpenStack Wallaby. * d/control: Align (Build-)Depends with upstream. . nova (3:22.1.0+git2021030407.0226f9dd63-0ubuntu1) hirsute; urgency=medium . * New upstream snapshot for OpenStack Wallaby. * d/control: Align (Build-)Depends with upstream. . nova (3:22.0.1+git2021012713.d92c0740c6-0ubuntu1) hirsute; urgency=medium . [ Corey Bryant ] * d/control: Drop mox3 inline with upstream. . [ Chris MacNaughton ] * New upstream snapshot for OpenStack Wallaby. * d/control: Align (Build-)Depends with upstream. * d/p/arm-console-patch.patch: Refreshed. . nova (3:22.0.1+git2020121010.3a6c1cbc3a-0ubuntu1) hirsute; urgency=medium . * Increment epoch to align with new snapshot plan. * New upstream snapshot for OpenStack Wallaby. . nova (2:23.0.0~b1~git2020120312.f0efcae697-0ubuntu2) hirsute; urgency=medium . * New upstream snapshot for OpenStack Wallaby. * d/control: Align (Build-)Depends with upstream. . nova (2:22.0.0-0ubuntu1) groovy; urgency=medium . * New upstream release for OpenStack Victoria. . nova (2:22.0.0~rc1-0ubuntu1) groovy; urgency=medium . [ Chris MacNaughton ] * d/control: Update VCS paths for move to lp:~ubuntu-openstack-dev. * d/watch: Scope to 22.x series. . [ Corey Bryant ] * New upstream release candidate for OpenStack Victoria. * d/control: Align (Build-)Depends with upstream. . nova (2:22.0.0~b3~git2020091410.76b2fbd90e-0ubuntu3) groovy; urgency=medium . * d/nova-compute-libvirt.postinst: Ensure libvirt-qemu user is removed from nova group on package upgrade (LP: #1896617). . nova (2:22.0.0~b3~git2020091410.76b2fbd90e-0ubuntu2) groovy; urgency=medium . * d/nova-compute-libvirt.postinst: Drop libvirt-qemu user from nova group. This is no longer needed with recent /var/lib/nova permission changes and causes live snapshots to fail (LP: #1896617). . nova (2:22.0.0~b3~git2020091410.76b2fbd90e-0ubuntu1) groovy; urgency=medium . * New upstream snapshot for OpenStack Victoria. * d/control: Align (Build-)Depends with upstream. . nova (2:22.0.0~b2~git2020073014.2f3a380c3c-0ubuntu2) groovy; urgency=medium . [ Chris MacNaughton ] * d/control: Remove Breaks/Replaces that are older than Focal (LP: #1878419). . [ Corey Bryant ] * d/control, d/nova-compute-ironic.conf, d/rules: Add nova-compute-ironic binary package. . nova (2:22.0.0~b2~git2020073014.2f3a380c3c-0ubuntu1) groovy; urgency=medium . * New upstream snapshot for OpenStack Victoria. * d/control: Drop min version of openstack-pkg-tools. * d/control: Update Standards-Version to 4.5.0. . nova (2:22.0.0~b1~git2020070713.bc784a1c1f-0ubuntu1) groovy; urgency=medium . * New upstream snapshot for OpenStack Victoria. * d/control: Align (Build-)Depends with upstream. * d/p/add-mysql8-compatibility.patch: Removed. Change landed upstream. * d/p/arm-console-patch.patch: Refreshed. * d/p/drop-sphinxcontrib-rsvgconverter.patch: Refreshed