Ubuntu Cloud Archive

Comment 31 for bug 1987663

Revision history for this message

James Page (james-page) wrote on 2024-07-08:

#31

This bug was fixed in the package cinder - 2:24.0.0-0ubuntu1.2~cloud0
---------------

cinder (2:24.0.0-0ubuntu1.2~cloud0) jammy; urgency=medium
.
   * SECURITY UPDATE for Ubuntu Cloud Archive. backport to jammy.
.
cinder (2:24.0.0-0ubuntu1.2) noble-security; urgency=medium
.
   * SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
     (LP: #2059809)
     - debian/patches/CVE-2024-32498.patch: check for external qcow2 data
       file.
     - debian/control: added qemu-utils to Build-Depends so qemu-img is
       available for new tests.
     - CVE-2024-32498
.
cinder (2:24.0.0-0ubuntu1) noble; urgency=medium
.
   * New upstream release for OpenStack Caracal.
.
cinder (2:24.0.0~rc1-0ubuntu1) noble; urgency=medium
.
   * d/watch: Track Caracal series releases.
   * New upstream release candidate for OpenStack Caracal.
   * d/p/*: Refresh.
   * d/control: Align (Build-)Depends with upstream RC.
.
cinder (2:23.0.0+git2024011915.b8cd101f-0ubuntu2) noble; urgency=medium
.
   * d/tests/control: Add rabbitmq-server to Depends.
.
cinder (2:23.0.0+git2024011915.b8cd101f-0ubuntu1) noble; urgency=medium
.
   * New upstream snapshot for OpenStack Caracal.
.
cinder (2:23.0.0-0ubuntu3) noble; urgency=medium
.
   [ Mauricio Faria de Oliveira ]
   * d/p/py312-tests-mock-assert.patch: Add prefix assert_
     to mock object assertions missing it (stricter in 3.12).
.
   [ Corey Bryant ]
   * d/control: Update min version of python3-taskflow to
     ensure it supports Python 3.12.
.
cinder (2:23.0.0-0ubuntu2) noble; urgency=medium
.
   [ Corey Bryant ]
   * d/gbp.conf, .launchpad.yaml: Sync from cloud-archive-tools for
     caracal.
   * d/control: set min version of openstack-pkg-tools to ensure
     Should-Start/Stop is fixed.
.
   [ Mauricio Faria de Oliveira ]
   * d/cinder-volume.init.in: add tgt to Should-Start/Stop (LP: #1987663)
     Requires rebuild to pick up openstack-pkg-tools 123ubuntu2 in noble.
.
cinder (2:23.0.0-0ubuntu1) mantic; urgency=medium
.
   * New upstream release for OpenStack Bobcat.
.
cinder (2:23.0.0~rc1-0ubuntu1) mantic; urgency=medium
.
   * New upstream release candidate for OpenStack Bobcat.
.
cinder (2:22.1.0+git2023090509.f79048d2-0ubuntu1) mantic; urgency=medium
.
   * New upstream snapshot for OpenStack Bobcat.
   * d/p/install-missing-db-files.patch: Install missing db files, including
     cinder/db/alembic.ini.
.
cinder (2:22.1.0+git2023071214.c1a18fcd-0ubuntu1) mantic; urgency=medium
.
   * d/gbp.conf, .launchpad.yaml: Sync from cloud-archive-tools for
     bobcat.
   * New upstream snapshot for OpenStack Bobcat.
   * d/control: Align (Build-)Depends with upstream.
   * d/p/skip-mock-spec-failures.patch: Dropped. No longer needed.
   * d/p/CVE-2023-2088-*.patch: Dropped. Fixed in snapshot.
.
cinder (2:22.0.0-0ubuntu4) mantic; urgency=medium
.
   * SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
     - debian/patches/CVE-2023-2088-1.patch: Reject unsafe delete
       attachment calls.
     - debian/patches/CVE-2023-2088-2.patch: Doc: Improve service token.
     - CVE-2023-2088
.
cinder (2:22.0.0-0ubuntu3) mantic; urgency=medium
.
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088
.
cinder (2:22.0.0-0ubuntu2) mantic; urgency=medium
.
   * SECURITY UPDATE: Unauthorized File Access
     - debian/patches/CVE-2023-2088.patch: Reject unsafe delete
       attachment calls.
     - CVE-2023-2088
.
cinder (2:22.0.0-0ubuntu1) lunar; urgency=medium
.
   * New upstream release for OpenStack Antelope.
   * d/p/skip-mock-spec-failures.patch: Rebased.
.
cinder (2:21.1.0+git2023030309.3ddce92b-0ubuntu1) lunar; urgency=medium
.
   * d/control: Drop min version of python3-mypy to enable backport
     to cloud-archive.
   * d/watch: Drop major version.
   * New upstream snapshot for OpenStack Antelope.
   * d/p/skip-mock-spec-failures.patch: Rebased.
.
cinder (2:21.1.0+git2023022212.0af3df67-0ubuntu1) lunar; urgency=medium
.
   * New upstream snapshot for OpenStack Antelope.
   * d/control: Align (Build-)Depends with upstream.
.
cinder (2:21.1.0+git2023012815.c9e65529-0ubuntu1) lunar; urgency=medium
.
   * New upstream snapshot for OpenStack Antelope.
   * d/control: Align (Build-)Depends with upstream.
.
cinder (2:21.0.0+git2023011009.2db3fc3e-0ubuntu1) lunar; urgency=medium
.
   * New upstream snapshot for OpenStack Antelope.
   * d/control: Align (Build-)Depends with upstream.
   * d/p/skip-mock-spec-failures.patch: Skip tests that are affected by
     "Cannot spec a Mock object" failure.
.
cinder (2:21.0.0-0ubuntu1) kinetic; urgency=medium
.
   * d/watch: Scope to 21.x.
   * New upstream release for OpenStack Zed.

This bug was fixed in the package cinder - 2:24.0.0-0ubuntu1.2~cloud0
---------------

cinder (2:24.0.0-0ubuntu1.2~cloud0) jammy; urgency=medium
 .
   * SECURITY UPDATE for Ubuntu Cloud Archive. backport to jammy.
 .
 cinder (2:24.0.0-0ubuntu1.2) noble-security; urgency=medium
 .
   * SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
     (LP: #2059809)
     - debian/patches/CVE-2024-32498.patch: check for external qcow2 data
       file.
     - debian/control: added qemu-utils to Build-Depends so qemu-img is
       available for new tests.
     - CVE-2024-32498
 .
 cinder (2:24.0.0-0ubuntu1) noble; urgency=medium
 .
   * New upstream release for OpenStack Caracal.
 .
 cinder (2:24.0.0~rc1-0ubuntu1) noble; urgency=medium
 .
   * d/watch: Track Caracal series releases.
   * New upstream release candidate for OpenStack Caracal.
   * d/p/*: Refresh.
   * d/control: Align (Build-)Depends with upstream RC.
 .
 cinder (2:23.0.0+git2024011915.b8cd101f-0ubuntu2) noble; urgency=medium
 .
   * d/tests/control: Add rabbitmq-server to Depends.
 .
 cinder (2:23.0.0+git2024011915.b8cd101f-0ubuntu1) noble; urgency=medium
 .
   * New upstream snapshot for OpenStack Caracal.
 .
 cinder (2:23.0.0-0ubuntu3) noble; urgency=medium
 .
   [ Mauricio Faria de Oliveira ]
   * d/p/py312-tests-mock-assert.patch: Add prefix assert_
     to mock object assertions missing it (stricter in 3.12).
 .
   [ Corey Bryant ]
   * d/control: Update min version of python3-taskflow to
     ensure it supports Python 3.12.
 .
 cinder (2:23.0.0-0ubuntu2) noble; urgency=medium
 .
   [ Corey Bryant ]
   * d/gbp.conf, .launchpad.yaml: Sync from cloud-archive-tools for
     caracal.
   * d/control: set min version of openstack-pkg-tools to ensure
     Should-Start/Stop is fixed.
 .
   [ Mauricio Faria de Oliveira ]
   * d/cinder-volume.init.in: add tgt to Should-Start/Stop (LP: #1987663)
     Requires rebuild to pick up openstack-pkg-tools 123ubuntu2 in noble.
 .
 cinder (2:23.0.0-0ubuntu1) mantic; urgency=medium
 .
   * New upstream release for OpenStack Bobcat.
 .
 cinder (2:23.0.0~rc1-0ubuntu1) mantic; urgency=medium
 .
   * New upstream release candidate for OpenStack Bobcat.
 .
 cinder (2:22.1.0+git2023090509.f79048d2-0ubuntu1) mantic; urgency=medium
 .
   * New upstream snapshot for OpenStack Bobcat.
   * d/p/install-missing-db-files.patch: Install missing db files, including
     cinder/db/alembic.ini.
 .
 cinder (2:22.1.0+git2023071214.c1a18fcd-0ubuntu1) mantic; urgency=medium
 .
   * d/gbp.conf, .launchpad.yaml: Sync from cloud-archive-tools for
     bobcat.
   * New upstream snapshot for OpenStack Bobcat.
   * d/control: Align (Build-)Depends with upstream.
   * d/p/skip-mock-spec-failures.patch: Dropped. No longer needed.
   * d/p/CVE-2023-2088-*.patch: Dropped. Fixed in snapshot.
 .
 cinder (2:22.0.0-0ubuntu4) mantic; urgency=medium
 .
   * SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
     - debian/patches/CVE-2023-2088-1.patch: Reject unsafe delete
       attachment calls.
     - debian/patches/CVE-2023-2088-2.patch: Doc: Improve service token.
     - CVE-2023-2088
 .
 cinder (2:22.0.0-0ubuntu3) mantic; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088
 .
 cinder (2:22.0.0-0ubuntu2) mantic; urgency=medium
 .
   * SECURITY UPDATE: Unauthorized File Access
     - debian/patches/CVE-2023-2088.patch: Reject unsafe delete
       attachment calls.
     - CVE-2023-2088
 .
 cinder (2:22.0.0-0ubuntu1) lunar; urgency=medium
 .
   * New upstream release for OpenStack Antelope.
   * d/p/skip-mock-spec-failures.patch: Rebased.
 .
 cinder (2:21.1.0+git2023030309.3ddce92b-0ubuntu1) lunar; urgency=medium
 .
   * d/control: Drop min version of python3-mypy to enable backport
     to cloud-archive.
   * d/watch: Drop major version.
   * New upstream snapshot for OpenStack Antelope.
   * d/p/skip-mock-spec-failures.patch: Rebased.
 .
 cinder (2:21.1.0+git2023022212.0af3df67-0ubuntu1) lunar; urgency=medium
 .
   * New upstream snapshot for OpenStack Antelope.
   * d/control: Align (Build-)Depends with upstream.
 .
 cinder (2:21.1.0+git2023012815.c9e65529-0ubuntu1) lunar; urgency=medium
 .
   * New upstream snapshot for OpenStack Antelope.
   * d/control: Align (Build-)Depends with upstream.
 .
 cinder (2:21.0.0+git2023011009.2db3fc3e-0ubuntu1) lunar; urgency=medium
 .
   * New upstream snapshot for OpenStack Antelope.
   * d/control: Align (Build-)Depends with upstream.
   * d/p/skip-mock-spec-failures.patch: Skip tests that are affected by
     "Cannot spec a Mock object" failure.
 .
 cinder (2:21.0.0-0ubuntu1) kinetic; urgency=medium
 .
   * d/watch: Scope to 21.x.
   * New upstream release for OpenStack Zed.