This bug was fixed in the package glance - 2:24.2.1-0ubuntu1.2~cloud0 --------------- glance (2:24.2.1-0ubuntu1.2~cloud0) focal; urgency=medium . * SECURITY UPDATE for Ubuntu Cloud Archive. backport to focal. . glance (2:24.2.1-0ubuntu1.2) jammy-security; urgency=medium . * SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data (LP: #2059809) - debian/patches/CVE-2024-32498-pre1.patch: limit CaptureRegion sizes in format_inspector for VMDK and VHDX. - debian/patches/CVE-2024-32498-pre2.patch: support Stream Optimized VMDKs. - debian/patches/CVE-2024-32498-1.patch: reject qcow files with data-file attributes. - debian/patches/CVE-2024-32498-2.patch: extend format_inspector for QCOW safety. - debian/patches/CVE-2024-32498-3.patch: add VMDK safety check. - debian/patches/CVE-2024-32498-4.patch: reject unsafe qcow and vmdk files. - debian/patches/CVE-2024-32498-5.patch: add QED format detection to format_inspector. - debian/patches/CVE-2024-32498-6.patch: add file format detection to format_inspector. - debian/patches/CVE-2024-32498-7.patch: add safety check and detection support to FI tool. - CVE-2024-32498 . glance (2:24.2.1-0ubuntu1) jammy; urgency=medium . * New stable point release for OpenStack Yoga (LP: #2037332). . glance (2:24.2.0-0ubuntu1) jammy; urgency=medium . * New stable point release for OpenStack Yoga (LP: #2011713). * d/p/CVE-2022-47951.patch: Dropped. Fixed in stable point release. . glance (2:24.1.0-0ubuntu1.1) jammy-security; urgency=medium . * SECURITY UPDATE: Arbitrary file access - debian/patches/CVE-2022-47951.patch: Enforce image safety during image_conversion. - CVE-2022-47951 . glance (2:24.1.0-0ubuntu1) jammy; urgency=medium . * d/gbp.conf: Create stable/yoga branch. * New stable point release for OpenStack Yoga (LP: #1980369). . glance (2:24.0.0-0ubuntu1) jammy; urgency=medium . * d/watch: Scope to 24.x. * New upstream release for OpenStack Yoga. . glance (2:24.0.0~rc1+git2022030311.d4119be05-0ubuntu1) jammy; urgency=medium . * New upstream snapshot for OpenStack Yoga. * d/control: Align (Build-)Depends with upstream. * d/p/skip-py10-failure.patch: Dropped. Fixed in upstream snapshot. . glance (2:23.0.0+git2022011216.502fa0ffc-0ubuntu1) jammy; urgency=medium . * d/glance-common.install, d/glance-api.init.in: Install glance-image-import.conf.sample and add --config-dir=/etc/glance/ to glance-api init script (LP: #1955022). * New upstream snapshot for OpenStack Yoga. * d/control, d/rules: Bump debhelper compat to 13. . glance (2:23.0.0+git2021120811.4ee7799aa-0ubuntu1) jammy; urgency=medium . * New upstream snapshot for OpenStack Yoga. * d/p/skip-py10-failure.patch: Skip test that is raising different exception with Python 3.10. . glance (2:23.0.0-0ubuntu1) impish; urgency=medium . * d/watch: Scope to 23.x. * New upstream release for OpenStack Xena. * d/control: Align (Build-)Depends with upstream. . glance (2:23.0.0~b3+git2021091316.d49eaa04c-0ubuntu1) impish; urgency=medium . * New upstream snapshot for OpenStack Xena. * d/p/add-root-tar-support.patch: Rebased. . glance (2:23.0.0~b2+git2021072116.62334aa4-0ubuntu1) impish; urgency=medium . * New upstream snapshot for OpenStack Xena. * d/control: Align (Build-)Depends with upstream. . glance (2:22.0.0+git2021061112.4f20e500-0ubuntu1) impish; urgency=medium . * New upstream snapshot for OpenStack Xena. . glance (2:22.0.0-0ubuntu1) hirsute; urgency=medium . * New upstream release for OpenStack Wallaby. . glance (2:22.0.0~rc1-0ubuntu1) hirsute; urgency=medium . * d/watch: Track the 22.x series and fix path. * New upstream release candidate for OpenStack Wallaby. * d/control: Align (Build-)Depends with upstream. . glance (2:22.0.0~b2+git2021012915.03bf00ee-0ubuntu1) hirsute; urgency=medium . * New upstream snapshot for OpenStack Wallaby. * d/control: Align (Build-)Depends with upstream. . glance (2:21.0.0+git2020120911.f102b74a-0ubuntu1) hirsute; urgency=medium . * New upstream snapshot for OpenStack Wallaby. . glance (2:21.0.0-0ubuntu1) groovy; urgency=medium . * d/control: Update VCS paths for move to lp:~ubuntu-openstack-dev. * d/watch: Track the 21.x series. * New upstream release for OpenStack Victoria. . glance (2:21.0.0~b3~git2020091515.e16d5c9b-0ubuntu1) groovy; urgency=medium . [ Chris MacNaughton ] * d/control: Remove Breaks/Replaces that are older than Focal (LP: #1878419). . [ Corey Bryant ] * New upstream snapshot for OpenStack Victoria. * d/control: Align (Build-)Depends with upstream. . glance (2:21.0.0~b2~git2020073013.cfbe5f76-0ubuntu2) groovy; urgency=medium . * d/glance-common.postrm: Drop --system from deluser/delgroup calls. This aligns with the glance-common.postinst script reserved glance uid/gid (LP: #1889846). . glance (2:21.0.0~b2~git2020073013.cfbe5f76-0ubuntu1) groovy; urgency=medium . * New upstream snapshot for OpenStack Victoria. * Align (Build-)Depends with upstream. . glance (2:21.0.0~b1~git2020062909.e6db0b10-0ubuntu1) groovy; urgency=medium . * New upstream snapshot for OpenStack Victoria. * Align (Build-)Depends with upstream. * d/glance-common.install, d/glance-common.manpages: Remove glance-registry bits after upstream removal. * d/control: Update Standards-Version to 4.5.0.