This bug was fixed in the package cinder - 2:23.0.0-0ubuntu1.4~cloud0 --------------- cinder (2:23.0.0-0ubuntu1.4~cloud0) jammy; urgency=medium . * SECURITY UPDATE for Ubuntu Cloud Archive. backport to jammy. . cinder (2:23.0.0-0ubuntu1.4) mantic-security; urgency=medium . * SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data (LP: #2059809) - debian/patches/CVE-2024-32498.patch: check for external qcow2 data file. - debian/control: added qemu-utils to Build-Depends so qemu-img is available for new tests. - CVE-2024-32498 . cinder (2:23.0.0-0ubuntu1.2) mantic; urgency=medium . [ Jorge Merlino ] * Increase size of volume image metadata values to 65535 bytes (LP: #1988942) . [ Heather Lemon ] * Start cinder-volume.service after tgt.service started (LP: #1987663) - d/cinder-volume.service.conf: drop-in with 'After=' and 'Wants=' ('Wants=' is not generated by pkgos-gen-systemd-unit currently). - d/cinder-volume.install: ship the systemd service drop-in file. . cinder (2:23.0.0-0ubuntu1.1) mantic; urgency=medium . [ Corey Bryant ] * d/gbp.conf: Create stable/2023.2 branch. * d/gbp.conf, .launchpad.yaml: Sync from cloud-archive-tools for bobcat. . [ Edward Hope-Morley ] * revert driver assister volume retype (LP: #2019190) - d/p/0001-Revert-Driver-assisted-migration-on-retype-when-it-s.patch . cinder (2:23.0.0-0ubuntu1) mantic; urgency=medium . * New upstream release for OpenStack Bobcat. . cinder (2:23.0.0~rc1-0ubuntu1) mantic; urgency=medium . * New upstream release candidate for OpenStack Bobcat. . cinder (2:22.1.0+git2023090509.f79048d2-0ubuntu1) mantic; urgency=medium . * New upstream snapshot for OpenStack Bobcat. * d/p/install-missing-db-files.patch: Install missing db files, including cinder/db/alembic.ini. . cinder (2:22.1.0+git2023071214.c1a18fcd-0ubuntu1) mantic; urgency=medium . * d/gbp.conf, .launchpad.yaml: Sync from cloud-archive-tools for bobcat. * New upstream snapshot for OpenStack Bobcat. * d/control: Align (Build-)Depends with upstream. * d/p/skip-mock-spec-failures.patch: Dropped. No longer needed. * d/p/CVE-2023-2088-*.patch: Dropped. Fixed in snapshot. . cinder (2:22.0.0-0ubuntu4) mantic; urgency=medium . * SECURITY UPDATE: Unauthorized File Access (LP: #2021980) - debian/patches/CVE-2023-2088-1.patch: Reject unsafe delete attachment calls. - debian/patches/CVE-2023-2088-2.patch: Doc: Improve service token. - CVE-2023-2088 . cinder (2:22.0.0-0ubuntu3) mantic; urgency=medium . * SECURITY REGRESSION: Regressions in other projects (LP: #2020111) - debian/patches/series: Do not apply CVE-2023-2088.patch until patches are ready for all upstream OpenStack projects. - CVE-2023-2088 . cinder (2:22.0.0-0ubuntu2) mantic; urgency=medium . * SECURITY UPDATE: Unauthorized File Access - debian/patches/CVE-2023-2088.patch: Reject unsafe delete attachment calls. - CVE-2023-2088 . cinder (2:22.0.0-0ubuntu1) lunar; urgency=medium . * New upstream release for OpenStack Antelope. * d/p/skip-mock-spec-failures.patch: Rebased. . cinder (2:21.1.0+git2023030309.3ddce92b-0ubuntu1) lunar; urgency=medium . * d/control: Drop min version of python3-mypy to enable backport to cloud-archive. * d/watch: Drop major version. * New upstream snapshot for OpenStack Antelope. * d/p/skip-mock-spec-failures.patch: Rebased. . cinder (2:21.1.0+git2023022212.0af3df67-0ubuntu1) lunar; urgency=medium . * New upstream snapshot for OpenStack Antelope. * d/control: Align (Build-)Depends with upstream. . cinder (2:21.1.0+git2023012815.c9e65529-0ubuntu1) lunar; urgency=medium . * New upstream snapshot for OpenStack Antelope. * d/control: Align (Build-)Depends with upstream. . cinder (2:21.0.0+git2023011009.2db3fc3e-0ubuntu1) lunar; urgency=medium . * New upstream snapshot for OpenStack Antelope. * d/control: Align (Build-)Depends with upstream. * d/p/skip-mock-spec-failures.patch: Skip tests that are affected by "Cannot spec a Mock object" failure. . cinder (2:21.0.0-0ubuntu1) kinetic; urgency=medium . * d/watch: Scope to 21.x. * New upstream release for OpenStack Zed.