This bug was fixed in the package cinder - 2:24.0.0-0ubuntu1.2~cloud0 ---------------
cinder (2:24.0.0-0ubuntu1.2~cloud0) jammy; urgency=medium . * SECURITY UPDATE for Ubuntu Cloud Archive. backport to jammy. . cinder (2:24.0.0-0ubuntu1.2) noble-security; urgency=medium . * SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data (LP: #2059809) - debian/patches/CVE-2024-32498.patch: check for external qcow2 data file. - debian/control: added qemu-utils to Build-Depends so qemu-img is available for new tests. - CVE-2024-32498 . cinder (2:24.0.0-0ubuntu1) noble; urgency=medium . * New upstream release for OpenStack Caracal. . cinder (2:24.0.0~rc1-0ubuntu1) noble; urgency=medium . * d/watch: Track Caracal series releases. * New upstream release candidate for OpenStack Caracal. * d/p/*: Refresh. * d/control: Align (Build-)Depends with upstream RC. . cinder (2:23.0.0+git2024011915.b8cd101f-0ubuntu2) noble; urgency=medium . * d/tests/control: Add rabbitmq-server to Depends. . cinder (2:23.0.0+git2024011915.b8cd101f-0ubuntu1) noble; urgency=medium . * New upstream snapshot for OpenStack Caracal. . cinder (2:23.0.0-0ubuntu3) noble; urgency=medium . [ Mauricio Faria de Oliveira ] * d/p/py312-tests-mock-assert.patch: Add prefix assert_ to mock object assertions missing it (stricter in 3.12). . [ Corey Bryant ] * d/control: Update min version of python3-taskflow to ensure it supports Python 3.12. . cinder (2:23.0.0-0ubuntu2) noble; urgency=medium . [ Corey Bryant ] * d/gbp.conf, .launchpad.yaml: Sync from cloud-archive-tools for caracal. * d/control: set min version of openstack-pkg-tools to ensure Should-Start/Stop is fixed. . [ Mauricio Faria de Oliveira ] * d/cinder-volume.init.in: add tgt to Should-Start/Stop (LP: #1987663) Requires rebuild to pick up openstack-pkg-tools 123ubuntu2 in noble. . cinder (2:23.0.0-0ubuntu1) mantic; urgency=medium . * New upstream release for OpenStack Bobcat. . cinder (2:23.0.0~rc1-0ubuntu1) mantic; urgency=medium . * New upstream release candidate for OpenStack Bobcat. . cinder (2:22.1.0+git2023090509.f79048d2-0ubuntu1) mantic; urgency=medium . * New upstream snapshot for OpenStack Bobcat. * d/p/install-missing-db-files.patch: Install missing db files, including cinder/db/alembic.ini. . cinder (2:22.1.0+git2023071214.c1a18fcd-0ubuntu1) mantic; urgency=medium . * d/gbp.conf, .launchpad.yaml: Sync from cloud-archive-tools for bobcat. * New upstream snapshot for OpenStack Bobcat. * d/control: Align (Build-)Depends with upstream. * d/p/skip-mock-spec-failures.patch: Dropped. No longer needed. * d/p/CVE-2023-2088-*.patch: Dropped. Fixed in snapshot. . cinder (2:22.0.0-0ubuntu4) mantic; urgency=medium . * SECURITY UPDATE: Unauthorized File Access (LP: #2021980) - debian/patches/CVE-2023-2088-1.patch: Reject unsafe delete attachment calls. - debian/patches/CVE-2023-2088-2.patch: Doc: Improve service token. - CVE-2023-2088 . cinder (2:22.0.0-0ubuntu3) mantic; urgency=medium . * SECURITY REGRESSION: Regressions in other projects (LP: #2020111) - debian/patches/series: Do not apply CVE-2023-2088.patch until patches are ready for all upstream OpenStack projects. - CVE-2023-2088 . cinder (2:22.0.0-0ubuntu2) mantic; urgency=medium . * SECURITY UPDATE: Unauthorized File Access - debian/patches/CVE-2023-2088.patch: Reject unsafe delete attachment calls. - CVE-2023-2088 . cinder (2:22.0.0-0ubuntu1) lunar; urgency=medium . * New upstream release for OpenStack Antelope. * d/p/skip-mock-spec-failures.patch: Rebased. . cinder (2:21.1.0+git2023030309.3ddce92b-0ubuntu1) lunar; urgency=medium . * d/control: Drop min version of python3-mypy to enable backport to cloud-archive. * d/watch: Drop major version. * New upstream snapshot for OpenStack Antelope. * d/p/skip-mock-spec-failures.patch: Rebased. . cinder (2:21.1.0+git2023022212.0af3df67-0ubuntu1) lunar; urgency=medium . * New upstream snapshot for OpenStack Antelope. * d/control: Align (Build-)Depends with upstream. . cinder (2:21.1.0+git2023012815.c9e65529-0ubuntu1) lunar; urgency=medium . * New upstream snapshot for OpenStack Antelope. * d/control: Align (Build-)Depends with upstream. . cinder (2:21.0.0+git2023011009.2db3fc3e-0ubuntu1) lunar; urgency=medium . * New upstream snapshot for OpenStack Antelope. * d/control: Align (Build-)Depends with upstream. * d/p/skip-mock-spec-failures.patch: Skip tests that are affected by "Cannot spec a Mock object" failure. . cinder (2:21.0.0-0ubuntu1) kinetic; urgency=medium . * d/watch: Scope to 21.x. * New upstream release for OpenStack Zed.
This bug was fixed in the package cinder - 2:24.0. 0-0ubuntu1. 2~cloud0
---------------
cinder (2:24.0. 0-0ubuntu1. 2~cloud0) jammy; urgency=medium 0-0ubuntu1. 2) noble-security; urgency=medium patches/ CVE-2024- 32498.patch: check for external qcow2 data 0~rc1-0ubuntu1) noble; urgency=medium 0+git2024011915 .b8cd101f- 0ubuntu2) noble; urgency=medium 0+git2024011915 .b8cd101f- 0ubuntu1) noble; urgency=medium tests-mock- assert. patch: Add prefix assert_ Start/Stop is fixed. volume. init.in: add tgt to Should-Start/Stop (LP: #1987663) 0~rc1-0ubuntu1) mantic; urgency=medium 0+git2023090509 .f79048d2- 0ubuntu1) mantic; urgency=medium missing- db-files. patch: Install missing db files, including db/alembic. ini. 0+git2023071214 .c1a18fcd- 0ubuntu1) mantic; urgency=medium mock-spec- failures. patch: Dropped. No longer needed. 2023-2088- *.patch: Dropped. Fixed in snapshot. patches/ CVE-2023- 2088-1. patch: Reject unsafe delete patches/ CVE-2023- 2088-2. patch: Doc: Improve service token. patches/ series: Do not apply CVE-2023-2088.patch until patches/ CVE-2023- 2088.patch: Reject unsafe delete mock-spec- failures. patch: Rebased. 0+git2023030309 .3ddce92b- 0ubuntu1) lunar; urgency=medium mock-spec- failures. patch: Rebased. 0+git2023022212 .0af3df67- 0ubuntu1) lunar; urgency=medium 0+git2023012815 .c9e65529- 0ubuntu1) lunar; urgency=medium 0+git2023011009 .2db3fc3e- 0ubuntu1) lunar; urgency=medium mock-spec- failures. patch: Skip tests that are affected by
.
* SECURITY UPDATE for Ubuntu Cloud Archive. backport to jammy.
.
cinder (2:24.0.
.
* SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
(LP: #2059809)
- debian/
file.
- debian/control: added qemu-utils to Build-Depends so qemu-img is
available for new tests.
- CVE-2024-32498
.
cinder (2:24.0.0-0ubuntu1) noble; urgency=medium
.
* New upstream release for OpenStack Caracal.
.
cinder (2:24.0.
.
* d/watch: Track Caracal series releases.
* New upstream release candidate for OpenStack Caracal.
* d/p/*: Refresh.
* d/control: Align (Build-)Depends with upstream RC.
.
cinder (2:23.0.
.
* d/tests/control: Add rabbitmq-server to Depends.
.
cinder (2:23.0.
.
* New upstream snapshot for OpenStack Caracal.
.
cinder (2:23.0.0-0ubuntu3) noble; urgency=medium
.
[ Mauricio Faria de Oliveira ]
* d/p/py312-
to mock object assertions missing it (stricter in 3.12).
.
[ Corey Bryant ]
* d/control: Update min version of python3-taskflow to
ensure it supports Python 3.12.
.
cinder (2:23.0.0-0ubuntu2) noble; urgency=medium
.
[ Corey Bryant ]
* d/gbp.conf, .launchpad.yaml: Sync from cloud-archive-tools for
caracal.
* d/control: set min version of openstack-pkg-tools to ensure
Should-
.
[ Mauricio Faria de Oliveira ]
* d/cinder-
Requires rebuild to pick up openstack-pkg-tools 123ubuntu2 in noble.
.
cinder (2:23.0.0-0ubuntu1) mantic; urgency=medium
.
* New upstream release for OpenStack Bobcat.
.
cinder (2:23.0.
.
* New upstream release candidate for OpenStack Bobcat.
.
cinder (2:22.1.
.
* New upstream snapshot for OpenStack Bobcat.
* d/p/install-
cinder/
.
cinder (2:22.1.
.
* d/gbp.conf, .launchpad.yaml: Sync from cloud-archive-tools for
bobcat.
* New upstream snapshot for OpenStack Bobcat.
* d/control: Align (Build-)Depends with upstream.
* d/p/skip-
* d/p/CVE-
.
cinder (2:22.0.0-0ubuntu4) mantic; urgency=medium
.
* SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
- debian/
attachment calls.
- debian/
- CVE-2023-2088
.
cinder (2:22.0.0-0ubuntu3) mantic; urgency=medium
.
* SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
- debian/
patches are ready for all upstream OpenStack projects.
- CVE-2023-2088
.
cinder (2:22.0.0-0ubuntu2) mantic; urgency=medium
.
* SECURITY UPDATE: Unauthorized File Access
- debian/
attachment calls.
- CVE-2023-2088
.
cinder (2:22.0.0-0ubuntu1) lunar; urgency=medium
.
* New upstream release for OpenStack Antelope.
* d/p/skip-
.
cinder (2:21.1.
.
* d/control: Drop min version of python3-mypy to enable backport
to cloud-archive.
* d/watch: Drop major version.
* New upstream snapshot for OpenStack Antelope.
* d/p/skip-
.
cinder (2:21.1.
.
* New upstream snapshot for OpenStack Antelope.
* d/control: Align (Build-)Depends with upstream.
.
cinder (2:21.1.
.
* New upstream snapshot for OpenStack Antelope.
* d/control: Align (Build-)Depends with upstream.
.
cinder (2:21.0.
.
* New upstream snapshot for OpenStack Antelope.
* d/control: Align (Build-)Depends with upstream.
* d/p/skip-
"Cannot spec a Mock object" failure.
.
cinder (2:21.0.0-0ubuntu1) kinetic; urgency=medium
.
* d/watch: Scope to 21.x.
* New upstream release for OpenStack Zed.