glance 2:28.0.1-0ubuntu3 source package in Ubuntu

Changelog

glance (2:28.0.1-0ubuntu3) oracular; urgency=medium

  * SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
    (LP: #2059809)
    - debian/patches/CVE-2024-32498-1.patch: reject qcow files with
      data-file attributes.
    - debian/patches/CVE-2024-32498-2.patch: extend format_inspector for
      QCOW safety.
    - debian/patches/CVE-2024-32498-3.patch: add VMDK safety check.
    - debian/patches/CVE-2024-32498-4.patch: reject unsafe qcow and vmdk
      files.
    - debian/patches/CVE-2024-32498-5.patch: add QED format detection to
      format_inspector.
    - debian/patches/CVE-2024-32498-6.patch: add file format detection to
      format_inspector.
    - debian/patches/CVE-2024-32498-7.patch: add safety check and detection
      support to FI tool.
    - CVE-2024-32498

 -- James Page <email address hidden>  Mon, 24 Jun 2024 09:31:38 +0100

Upload details

Uploaded by:
James Page
Uploaded to:
Oracular
Original maintainer:
OpenStack Ubuntu packagers
Architectures:
all
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Oracular release main net

Builds

Oracular: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
glance_28.0.1.orig.tar.gz 2.0 MiB 69917043111c2925117ead11880742a3d6871c31056625d3731362300605ed23
glance_28.0.1-0ubuntu3.debian.tar.xz 29.7 KiB d929b28bc8cca374e69cd2615435055c5be6ed2ed3566ee5b19ff2d37cf1e91b
glance_28.0.1-0ubuntu3.dsc 4.4 KiB dfee80b8b621cc1552df9377eedde5278843ceaf871122dcbe23444221960562

Available diffs

  • diff from 2:28.0.1-0ubuntu1 to 2:28.0.1-0ubuntu3 (pending)

View changes file

Binary packages built by this source

glance: OpenStack Image Registry and Delivery Service - Daemons

 The Glance project provides an image registration and discovery service
 and an image delivery service. These services are used
 in conjunction by Nova to deliver images from object stores, such as
 OpenStack's Swift service, to Nova's compute nodes.
 .
 This package is a metapackage for all glance daemons.

glance-api: OpenStack Image Registry and Delivery Service - API

 The Glance project provides an image registration, discovery and
 delivery service. These services may be used as stand-along services, and
 they may also be used by Nova to deliver images from object stores, such as
 OpenStack's Swift service, to Nova's compute nodes.
 .
 This package contains the glance API server.

glance-common: OpenStack Image Registry and Delivery Service - Common

 The Glance project provides an image registration, discovery and
 delivery service. These services may be used as stand-along services, and
 they may also be used by Nova to deliver images from object stores, such as
 OpenStack's Swift service, to Nova's compute nodes.
 .
 This package contains the glance common.

python-glance-doc: OpenStack Image Registry and Delivery Service - Documentation

 The Glance project provides an image registration and discovery service
 (Parallax) and an image delivery service (Teller). These services are used
 in conjunction by Nova to deliver images from object stores, such as
 OpenStack's Swift service, to Nova's compute nodes.
 .
 This package contains the documentation.

python3-glance: OpenStack Image Registry and Delivery Service - Python 3 library

 The Glance project provides an image registration and discovery service
 and an image delivery service. These services are used
 in conjunction by Nova to deliver images from object stores, such as
 OpenStack's Swift service, to Nova's compute nodes.
 .
 This package contains the Python 3 libraries.