This bug was fixed in the package nova - 3:28.0.1-0ubuntu1.3~cloud0
---------------
nova (3:28.0.1-0ubuntu1.3~cloud0) jammy; urgency=medium
.
* SECURITY UPDATE for Ubuntu Cloud Archive. backport to jammy.
.
nova (3:28.0.1-0ubuntu1.3) mantic-security; urgency=medium
.
* SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
(LP: #2059809)
- debian/patches/CVE-2024-32498-1.patch: reject qcow files with
data-file attributes.
- debian/patches/CVE-2024-32498-2.patch: check images with format_inspector for safety.
- debian/patches/CVE-2024-32498-3.patch: additional qemu safety
checking on base images.
- debian/patches/CVE-2024-32498-4.patch: fix vmdk_allowed_types
checking.
- CVE-2024-32498
.
nova (3:28.0.1-0ubuntu1) mantic; urgency=medium
.
* d/gbp.conf: Create stable/2023.2 branch.
* d/gbp.conf, .launchpad.yaml: Sync from cloud-archive-tools for
bobcat.
* New stable point release for OpenStack Bobcat (LP: #2046359).
.
nova (3:28.0.0-0ubuntu1) mantic; urgency=medium
.
* New upstream release for OpenStack Bobcat.
.
nova (3:27.1.0+git2023090509.82a17a37-0ubuntu1) mantic; urgency=medium
.
* New upstream snapshot for OpenStack Bobcat.
* d/control: Align (Build-)Depends with upstream.
* d/p/drop-actdiag.patch: Temporarily drop actdiag until bug fixed upstream.
* d/p/install-missing-db-files.patch: Install missing db files, including
nova/db/api/alembic.ini and nova/db/main/alembic.ini.
.
nova (3:27.1.0+git2023071215.f7ce4df5-0ubuntu1) mantic; urgency=medium
.
* d/gbp.conf, .launchpad.yaml: Sync from cloud-archive-tools for
bobcat.
* d/p/skip-if-https-proxy.patch: Test skipped if https-proxy is set
as lpci builds in .launchpad.yaml do.
* New upstream snapshot for OpenStack Bobcat.
* d/p/CVE-2023-2088-*.patch: Dropped. Fixed in snapshot.
.
nova (3:27.0.0-0ubuntu4) mantic; urgency=medium
.
* SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
- debian/patches/CVE-2023-2088-1.patch: Use force=True for os-brick
disconnect during delete.
- debian/patches/CVE-2023-2088-2.patch: Enable use of service user
token with admin context.
- CVE-2023-2088
.
nova (3:27.0.0-0ubuntu3) mantic; urgency=medium
.
* SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
- debian/patches/series: Do not apply CVE-2023-2088.patch until
patches are ready for all upstream OpenStack projects.
- CVE-2023-2088
.
nova (3:27.0.0-0ubuntu2) mantic; urgency=medium
.
* SECURITY UPDATE: Unauthorized File Access
- debian/patches/CVE-2023-2088.patch: Use force=True for os-brick
disconnect during delete.
- CVE-2023-2088
.
nova (3:27.0.0-0ubuntu1) lunar; urgency=medium
.
* New upstream release for OpenStack Antelope.
.
nova (3:26.1.0+git2023030309.59f7a524-0ubuntu2) lunar; urgency=medium
.
* d/nova-compute-qemu.postinst: Add nova user to kvm group (LP: #2011535).
.
nova (3:26.1.0+git2023030309.59f7a524-0ubuntu1) lunar; urgency=medium
.
* d/watch: Drop major version.
* New upstream snapshot for OpenStack Antelope.
.
nova (3:26.1.0+git2023012815.98daf501-0ubuntu1) lunar; urgency=medium
.
* New upstream snapshot for OpenStack Antelope.
* d/control: Align (Build-)Depends with upstream.
.
nova (3:26.0.0+git2023011010.5e5b6751-0ubuntu1) lunar; urgency=medium
.
* New upstream snapshot for OpenStack Antelope.
* d/control: Align (Build-)Depends with upstream.
.
nova (3:26.0.0-0ubuntu1) kinetic; urgency=medium
.
* d/watch: Scope to 26.x series
* New upstream release for OpenStack Zed.
* d/control: Align (Build-)Depends with upstream.
This bug was fixed in the package nova - 3:28.0. 1-0ubuntu1. 3~cloud0
---------------
nova (3:28.0. 1-0ubuntu1. 3~cloud0) jammy; urgency=medium 1-0ubuntu1. 3) mantic-security; urgency=medium patches/ CVE-2024- 32498-1. patch: reject qcow files with patches/ CVE-2024- 32498-2. patch: check images with
format_ inspector for safety. patches/ CVE-2024- 32498-3. patch: additional qemu safety patches/ CVE-2024- 32498-4. patch: fix vmdk_allowed_types 0+git2023090509 .82a17a37- 0ubuntu1) mantic; urgency=medium actdiag. patch: Temporarily drop actdiag until bug fixed upstream. missing- db-files. patch: Install missing db files, including db/api/ alembic. ini and nova/db/ main/alembic. ini. 0+git2023071215 .f7ce4df5- 0ubuntu1) mantic; urgency=medium if-https- proxy.patch: Test skipped if https-proxy is set 2023-2088- *.patch: Dropped. Fixed in snapshot. patches/ CVE-2023- 2088-1. patch: Use force=True for os-brick patches/ CVE-2023- 2088-2. patch: Enable use of service user patches/ series: Do not apply CVE-2023-2088.patch until patches/ CVE-2023- 2088.patch: Use force=True for os-brick 0+git2023030309 .59f7a524- 0ubuntu2) lunar; urgency=medium compute- qemu.postinst: Add nova user to kvm group (LP: #2011535). 0+git2023030309 .59f7a524- 0ubuntu1) lunar; urgency=medium 0+git2023012815 .98daf501- 0ubuntu1) lunar; urgency=medium 0+git2023011010 .5e5b6751- 0ubuntu1) lunar; urgency=medium
.
* SECURITY UPDATE for Ubuntu Cloud Archive. backport to jammy.
.
nova (3:28.0.
.
* SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
(LP: #2059809)
- debian/
data-file attributes.
- debian/
- debian/
checking on base images.
- debian/
checking.
- CVE-2024-32498
.
nova (3:28.0.1-0ubuntu1) mantic; urgency=medium
.
* d/gbp.conf: Create stable/2023.2 branch.
* d/gbp.conf, .launchpad.yaml: Sync from cloud-archive-tools for
bobcat.
* New stable point release for OpenStack Bobcat (LP: #2046359).
.
nova (3:28.0.0-0ubuntu1) mantic; urgency=medium
.
* New upstream release for OpenStack Bobcat.
.
nova (3:27.1.
.
* New upstream snapshot for OpenStack Bobcat.
* d/control: Align (Build-)Depends with upstream.
* d/p/drop-
* d/p/install-
nova/
.
nova (3:27.1.
.
* d/gbp.conf, .launchpad.yaml: Sync from cloud-archive-tools for
bobcat.
* d/p/skip-
as lpci builds in .launchpad.yaml do.
* New upstream snapshot for OpenStack Bobcat.
* d/p/CVE-
.
nova (3:27.0.0-0ubuntu4) mantic; urgency=medium
.
* SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
- debian/
disconnect during delete.
- debian/
token with admin context.
- CVE-2023-2088
.
nova (3:27.0.0-0ubuntu3) mantic; urgency=medium
.
* SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
- debian/
patches are ready for all upstream OpenStack projects.
- CVE-2023-2088
.
nova (3:27.0.0-0ubuntu2) mantic; urgency=medium
.
* SECURITY UPDATE: Unauthorized File Access
- debian/
disconnect during delete.
- CVE-2023-2088
.
nova (3:27.0.0-0ubuntu1) lunar; urgency=medium
.
* New upstream release for OpenStack Antelope.
.
nova (3:26.1.
.
* d/nova-
.
nova (3:26.1.
.
* d/watch: Drop major version.
* New upstream snapshot for OpenStack Antelope.
.
nova (3:26.1.
.
* New upstream snapshot for OpenStack Antelope.
* d/control: Align (Build-)Depends with upstream.
.
nova (3:26.0.
.
* New upstream snapshot for OpenStack Antelope.
* d/control: Align (Build-)Depends with upstream.
.
nova (3:26.0.0-0ubuntu1) kinetic; urgency=medium
.
* d/watch: Scope to 26.x series
* New upstream release for OpenStack Zed.
* d/control: Align (Build-)Depends with upstream.