Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.changes > #13595
| Path | csiph.com!news.neodome.net!news.samoylyk.net!gothmog.csi.it!bofh.it!news.nic.it!robomod |
|---|---|
| From | Debian FTP Masters <ftpmaster@ftp-master.debian.org> |
| Newsgroups | linux.debian.changes |
| Subject | Accepted glance 2:25.1.0-2+deb12u2 (source) into oldstable-proposed-updates |
| Date | Sat, 02 May 2026 22:50:03 +0200 |
| Message-ID | <MQprJ-273D-61@gated-at.bofh.it> (permalink) |
| X-Original-To | debian-changes@lists.debian.org |
| X-Mailbox-Line | From debian-changes-request@lists.debian.org Sat May 2 20:48:56 2026 |
| Old-Return-Path | <envelope@ftp-master.debian.org> |
| X-Spam-Flag | NO |
| X-Spam-Score | -97.99 |
| X-Dak | dak process-policy |
| X-Debian | DAK |
| X-Debian-Package | glance |
| Debian | DAK |
| Debian-Changes | glance_25.1.0-2+deb12u2_source.changes |
| Debian-Source | glance |
| Debian-Version | 2:25.1.0-2+deb12u2 |
| Debian-Architecture | source |
| Debian-Suite | oldstable-proposed-updates |
| Debian-Archive-Action | accept |
| MIME-Version | 1.0 |
| Content-Type | multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="===============3000673822998274608==" |
| X-Debian-Message | from DAK |
| Reply-To | debian-devel@lists.debian.org |
| Mail-Followup-To | debian-devel@lists.debian.org |
| X-Mailing-List | <debian-changes@lists.debian.org> archive/latest/18210 |
| List-ID | <debian-changes.lists.debian.org> |
| List-URL | <https://lists.debian.org/debian-changes/> |
| List-Archive | https://lists.debian.org/msgid-search/E1wJHGG-0000000630G-2uBr@fasolo.debian.org |
| Approved | robomod@news.nic.it |
| Lines | 78 |
| Organization | linux.* mail to news gateway |
| Sender | robomod@news.nic.it |
| X-Original-Date | Sat, 02 May 2026 20:48:28 +0000 |
| X-Original-Message-ID | <E1wJHGG-0000000630G-2uBr@fasolo.debian.org> |
| Xref | csiph.com linux.debian.changes:13595 |
Show key headers only | View raw
[Multipart message — attachments visible in raw view] - view raw
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 19 Mar 2026 17:08:44 +0100
Source: glance
Architecture: source
Version: 2:25.1.0-2+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: Debian OpenStack <team+openstack@tracker.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Closes: 1131274
Changes:
glance (2:25.1.0-2+deb12u2) bookworm; urgency=medium
.
* CVE-2026-34881 / OSSA-2026-004:
Server-Side Request Forgery (SSRF) vulnerabilities in Glance image import.
By use of HTTP redirects, an authenticated user can bypass URL validation
checks and redirect to internal services. Add upstream patch:
- OSSA-2026-004_Fix_SSRF_vulnerabilities_in_image_import_API.patch.
(Closes: #1131274).
Checksums-Sha1:
ac0183853199f7db8c845026be3e2a4e126f1d81 3829 glance_25.1.0-2+deb12u2.dsc
23f5c40a5360f1d0981f257a4e8ff07363576458 39816 glance_25.1.0-2+deb12u2.debian.tar.xz
7979021bd8e39a2f6b37dbaf4957d6a025eaa44b 19527 glance_25.1.0-2+deb12u2_amd64.buildinfo
Checksums-Sha256:
c4f55f941753f9e87cd379bc3136a0970d0d2432003b45f4d30f5de8d3cfde34 3829 glance_25.1.0-2+deb12u2.dsc
0b30e2296fc0dae6969899b434e41c44c514b4efd89edc885af1ba58cfbb8ab2 39816 glance_25.1.0-2+deb12u2.debian.tar.xz
75b4b8bfd3074f377470c79eb815ef75762e73bb22e17f737cc5e0bed2a2fb51 19527 glance_25.1.0-2+deb12u2_amd64.buildinfo
Files:
c7be626622b2fe8351e32760dcf8a206 3829 net optional glance_25.1.0-2+deb12u2.dsc
b6bf1fb98f17a5f60ff365c1b434d355 39816 net optional glance_25.1.0-2+deb12u2.debian.tar.xz
093bae98bb9f21fd2f26a2228cae88b0 19527 net optional glance_25.1.0-2+deb12u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmnTqVYACgkQ1BatFaxr
Q/40eQ/9E5Tnrj7V+HukngfhaifF2Uxf8LGYpjEBmdiOSbEdiFWAamdrCC8a+db6
rJTnoEj3av20LvseD9XyfYY3tRQBHKd9kX4xwZ+O5wNC76EowCSrnlkbP1+/Cdc9
ofdGS7KHSS+7vnruSP6VcxI3RFlceM+CbOefLWesIN9Jc37kOa391MEJ5AKS82eW
35BvufPqBHKUzdpfmI+FI+6XAnbWiwbEiAZr6jnBCGfUsQdgNc0B4iQlUI3HRu6a
CnJL0Du0zWN0cPyFBdP+ZSeHUDsC60CLzWPVtoDTktg/kbJ48Ha5wPoVuEBNKe8X
yQETDZjXQFIi1Y+q0UFhKlgMpxmISIimadtMpoop5poMZ/uoWBzQccLZmDQrNF7+
mfskazrfq+xnUav8K2elZm5AKTRA5Z8AlxsnuZNh1q/Vto/VdZvvtEr8Jb4IRJxu
j8xnKR6GmO5qsMLo6N3/GA+97h3RU7DX70XD5QGd1+2oqEfQXPjmkr9mTbOPJWCy
PT5sgrk5bZGnDdqA369QtgwgOzBR/zbwXsIIDXOhGhudmkM5Z0tjy1mgwLO90cqW
XRoFj/1f6C8gn7HGR1xkzhjlKAS0MPYLpWd5Q62b63MVYjrVay6SjSHMgy3Bs3f1
GF7aHDuJZSsxMVWHmYiKE0Q5hQXjT0UbTMIsnHZ//Cgjz6AhmIo=
=gf1W
-----END PGP SIGNATURE-----
Back to linux.debian.changes | Previous | Next | Find similar
Accepted glance 2:25.1.0-2+deb12u2 (source) into oldstable-proposed-updates Debian FTP Masters <ftpmaster@ftp-master.debian.org> - 2026-05-02 22:50 +0200
csiph-web