Comment 354 for bug 2059809

James Page (james-page) wrote :

This bug was fixed in the package nova - 3:29.0.1-0ubuntu1.3~cloud0
---------------

 nova (3:29.0.1-0ubuntu1.3~cloud0) jammy; urgency=medium
 .
   * SECURITY UPDATE for Ubuntu Cloud Archive. backport to jammy.
 .
 nova (3:29.0.1-0ubuntu1.3) noble-security; urgency=medium
 .
   * SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
     (LP: #2059809)
     - debian/patches/CVE-2024-32498-1.patch: reject qcow files with
       data-file attributes.
     - debian/patches/CVE-2024-32498-2.patch: check images with
       format_inspector for safety.
     - debian/patches/CVE-2024-32498-3.patch: additional qemu safety
       checking on base images.
     - debian/patches/CVE-2024-32498-4.patch: fix vmdk_allowed_types
       checking.
     - CVE-2024-32498
 .
 nova (3:29.0.1-0ubuntu1) noble; urgency=medium
 .
   * New upstream release for OpenStack Caracal.
 .
 nova (3:29.0.0~rc1-0ubuntu2) noble; urgency=medium
 .
   * d/control: Drop os-xenapi from (Build-)Depends.
   * d/control: Drop os-win from (Build-)Depends.
 .
 nova (3:29.0.0~rc1-0ubuntu1) noble; urgency=medium
 .
   * New upstream release candidate for OpenStack Caracal.
   * d/p/*: Refresh.
   * d/p/drop-actdiag.patch: Drop, no longer needed.
   * d/exclude-list.txt,rules: Skip two tests that fail due to missing
     patching that breaks under Python >= 3.12.
 .
 nova (3:28.0.1+git2024011916.087c372a-0ubuntu2) noble; urgency=medium
 .
   * d/control: Drop python3-pypowervm from (Build-)Depends as this driver
     was removed from Nova.
 .
 nova (3:28.0.1+git2024011916.087c372a-0ubuntu1) noble; urgency=medium
 .
   [ Corey Bryant ]
   * d/gbp.conf, .launchpad.yaml: Sync from cloud-archive-tools for
     caracal.
 .
   [ James Page ]
   * New upstream snapshot for OpenStack Caracal.
   * d/control: Align (Build-)Depends with upstream.
   * d/p/*: Refresh patches
   * d/rules: Use --exclude-regex with stestr run.
   * d/p/test-hacking-compat.patch: Fix syntax error in hacking test
     code.
   * d/patches/oslo.versionedobjects-compat.patch: Use OsloOrderedDict
     when adding extra data to version information.
   * d/control: Priority extra->optional.
   * d/source_nova.py: use python3.
   * d/control,rules: Use dh_sphinxdoc to tidy generated documentation.
   * d/nova-compute-kvm.postinst: Restore missing interpreter.
   * d/control: Add Pre-Depends to ensure full systemd init.d compat.
   * d/control: Add Depends on adduser for nova-compute-{kvm,qemu}.
 .
 nova (3:28.0.0-0ubuntu1) mantic; urgency=medium
 .
   * New upstream release for OpenStack Bobcat.
 .
 nova (3:27.1.0+git2023090509.82a17a37-0ubuntu1) mantic; urgency=medium
 .
   * New upstream snapshot for OpenStack Bobcat.
   * d/control: Align (Build-)Depends with upstream.
   * d/p/drop-actdiag.patch: Temporarily drop actdiag until bug fixed upstream.
   * d/p/install-missing-db-files.patch: Install missing db files, including
     nova/db/api/alembic.ini and nova/db/main/alembic.ini.
 .
 nova (3:27.1.0+git2023071215.f7ce4df5-0ubuntu1) mantic; urgency=medium
 .
   * d/gbp.conf, .launchpad.yaml: Sync from cloud-archive-tools for
     bobcat.
   * d/p/skip-if-https-proxy.patch: Test skipped if https-proxy is set
     as lpci builds in .launchpad.yaml do.
   * New upstream snapshot for OpenStack Bobcat.
   * d/p/CVE-2023-2088-*.patch: Dropped. Fixed in snapshot.
 .
 nova (3:27.0.0-0ubuntu4) mantic; urgency=medium
 .
   * SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
     - debian/patches/CVE-2023-2088-1.patch: Use force=True for os-brick
       disconnect during delete.
     - debian/patches/CVE-2023-2088-2.patch: Enable use of service user
       token with admin context.
     - CVE-2023-2088
 .
 nova (3:27.0.0-0ubuntu3) mantic; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088
 .
 nova (3:27.0.0-0ubuntu2) mantic; urgency=medium
 .
   * SECURITY UPDATE: Unauthorized File Access
     - debian/patches/CVE-2023-2088.patch: Use force=True for os-brick
       disconnect during delete.
     - CVE-2023-2088
 .
 nova (3:27.0.0-0ubuntu1) lunar; urgency=medium
 .
   * New upstream release for OpenStack Antelope.
 .
 nova (3:26.1.0+git2023030309.59f7a524-0ubuntu2) lunar; urgency=medium
 .
   * d/nova-compute-qemu.postinst: Add nova user to kvm group (LP: #2011535).
 .
 nova (3:26.1.0+git2023030309.59f7a524-0ubuntu1) lunar; urgency=medium
 .
   * d/watch: Drop major version.
   * New upstream snapshot for OpenStack Antelope.
 .
 nova (3:26.1.0+git2023012815.98daf501-0ubuntu1) lunar; urgency=medium
 .
   * New upstream snapshot for OpenStack Antelope.
   * d/control: Align (Build-)Depends with upstream.
 .
 nova (3:26.0.0+git2023011010.5e5b6751-0ubuntu1) lunar; urgency=medium
 .
   * New upstream snapshot for OpenStack Antelope.
   * d/control: Align (Build-)Depends with upstream.
 .
 nova (3:26.0.0-0ubuntu1) kinetic; urgency=medium
 .
   * d/watch: Scope to 26.x series
   * New upstream release for OpenStack Zed.
   * d/control: Align (Build-)Depends with upstream.