This bug was fixed in the package glance - 2:27.0.0-0ubuntu1.2~cloud0
---------------
glance (2:27.0.0-0ubuntu1.2~cloud0) jammy; urgency=medium
.
* SECURITY UPDATE for Ubuntu Cloud Archive. backport to jammy.
.
glance (2:27.0.0-0ubuntu1.2) mantic-security; urgency=medium
.
* SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data (LP: #2059809)
  - debian/patches/CVE-2024-32498-pre1.patch: support Stream Optimized VMDKs.
  - debian/patches/CVE-2024-32498-1.patch: reject qcow files with data-file attributes.
  - debian/patches/CVE-2024-32498-2.patch: extend format_inspector for QCOW safety.
  - debian/patches/CVE-2024-32498-3.patch: add VMDK safety check.
  - debian/patches/CVE-2024-32498-4.patch: reject unsafe qcow and vmdk files.
  - debian/patches/CVE-2024-32498-5.patch: add QED format detection to format_inspector.
  - debian/patches/CVE-2024-32498-6.patch: add file format detection to format_inspector.
  - debian/patches/CVE-2024-32498-7.patch: add safety check and detection support to FI tool.
  - CVE-2024-32498
.
glance (2:27.0.0-0ubuntu1) mantic; urgency=medium
.
* New upstream release for OpenStack Bobcat.
.
glance (2:27.0.0~b2+git2023090714.b059c898-0ubuntu1) mantic; urgency=medium
.
* New upstream snapshot for OpenStack Bobcat.
* d/p/install-missing-db-files.patch: Install missing db files, including glance/db/sqlalchemy/alembic_migrations/alembic.ini.
.
glance (2:27.0.0~b1+git2023071214.b350184f-0ubuntu1) mantic; urgency=medium
.
* New upstream snapshot for OpenStack Bobcat.
* d/control: Align (Build-)Depends with upstream.
.
glance (2:27.0.0~b1+git2023061414.43b2116a-0ubuntu1) mantic; urgency=medium
.
* d/gbp.conf, .launchpad.yaml: Sync from cloud-archive-tools for bobcat.
* New upstream snapshot for OpenStack Bobcat.
.
glance (2:26.0.0-0ubuntu1) lunar; urgency=medium
.
* New upstream release for OpenStack Antelope.
.
glance (2:26.0.0~b3+git2023030211.f0371614-0ubuntu2) lunar; urgency=medium
.
* d/t/glance-daemons: Bump sleep to 0.5
.
glance (2:26.0.0~b3+git2023030211.f0371614-0ubuntu1) lunar; urgency=medium
.
* d/watch: Drop major version.
* New upstream snapshot for OpenStack Antelope.
* d/control: Align (Build-)Depends with upstream.
* d/p/add-root-tar-support.patch: Rebased.
.
glance (2:26.0.0~b2+git2023012815.907c5626-0ubuntu1) lunar; urgency=medium
.
* New upstream snapshot for OpenStack Antelope.
.
glance (2:26.0.0~b2+git2023011009.e9b40e13-0ubuntu1) lunar; urgency=medium
.
* New upstream snapshot for OpenStack Antelope.
.
glance (2:25.0.0-0ubuntu1) kinetic; urgency=medium
.
* d/watch: Scope to 25.x.
* New upstream release for OpenStack Zed.
.
glance (2:25.0.0~b3+git2022091212.d7db4e562-0ubuntu1) kinetic; urgency=medium
.
* New upstream snapshot for OpenStack Zed.