Your message dated Tue, 23 Jul 2024 12:20:07 +0000
with message-id <e1sweux-004rmc...@fasolo.debian.org>
and subject line Bug#1076774: fixed in nova 2:29.0.2-4
has caused the Debian Bug report #1076774,
regarding CVE-2024-40767
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1076774: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076774
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: nova
Version: 2:26.1.0-4
Severity: grave
This CVE-2024-40767 is embargoed, to be disclosed later today, so I'm not
publishing any more details just yet. Barely opening this bug to reference
it in the package.
Cheers,
Thomas Goirand (zigo)
--- End Message ---
--- Begin Message ---
Source: nova
Source-Version: 2:29.0.2-4
Done: Thomas Goirand <z...@debian.org>
We believe that the bug you reported is fixed in the latest version of
nova, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1076...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated nova package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 09 Jul 2024 03:54:55 +0200
Source: nova
Architecture: source
Version: 2:29.0.2-4
Distribution: unstable
Urgency: high
Maintainer: Debian OpenStack <team+openst...@tracker.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Closes: 1076774
Changes:
nova (2:29.0.2-4) unstable; urgency=high
.
* Update CVE-2024-32498 patches from git.
* CVE-2024-40767: Regression VMDK/qcow arbitrary file access (CVE-2024-32498)
Added upstream patches (Closes: #1076774):
- CVE-2024-40767_1_port_format_inspector_tests_from_glance.patch
-
CVE-2024-40767_2_Reproduce_iso_regression_with_deep_format_inspection.patch
- CVE-2024-40767_3_Add-iso-file-format-inspector.patch
-
CVE-2024-40767_4_Change-force_format-strategy-to-catch-mismatches_caracal.patch
* Add qemu-utils as build-depends to run above tests.
Checksums-Sha1:
7a54e65fe51d8740754b3b15fdd354e7b64edf29 4797 nova_29.0.2-4.dsc
638f1c3bb5177df4528d6505739639826824a4a4 87384 nova_29.0.2-4.debian.tar.xz
d9c768fd7cab2335f9a94e07d666fb6a56859a48 24490 nova_29.0.2-4_amd64.buildinfo
Checksums-Sha256:
36d08354ac596131ce5e87a99474f8d39bf90e200899ee186e022b216bc75cb4 4797
nova_29.0.2-4.dsc
190bf091f0ee9f45ee227a24d84e9db1c2f618d8fd7dc57e08901d307a902fa2 87384
nova_29.0.2-4.debian.tar.xz
29b81ab18f827ce439daabefe29719346b63eac3a05debd24fc432244a4e9bf2 24490
nova_29.0.2-4_amd64.buildinfo
Files:
5ccc805480fd624d03eb16384eea2f56 4797 net optional nova_29.0.2-4.dsc
a6a44d91c64a256feb2945a474af0565 87384 net optional nova_29.0.2-4.debian.tar.xz
39fcf7886c4a17ab822053d19d851ff8 24490 net optional
nova_29.0.2-4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmafmsQACgkQ1BatFaxr
Q/7OOQ/9HZcKAP16/5H13QHAZl1RB9fWDjFUhqiQbJsFGgL6PJSQvqJ++f9UICQh
VRG3YqKgEUsktEIocuCdSU3J5oIvll1y3DjBqrRTnoZ7jEDq3v3ZTaTKJigs3fZi
/h9wAWcZCY7xb/GnwE5cV2/+8Mq9LHqfEm+ioZcU7UpEYsbxB5QONm0TFspakhK+
xE6DQM1HA0cc+01IKsiw14oEeB+cO9cS90UJCS7q6dqW6ggw4h7R6O9zaQ2Hboiw
9VPD8uizSkjHyqEK4mIh7AMeFnlp6EqsiSNCzE701SNtn419zLiAFXdbA7y1X9PB
qdrAL/3uExnpAn+mAc0Fo5pl+lDrN5FnE+VoxGYs6nq45bQmht5/jpKfGTCYgRcY
35FzK6NAjO8YC2Q8k4+6R4rwTFaa30qqrl5KD1kQIVORyfBMBMU1tJBD7S8IHEm0
9jP7QJvlazyUAlIj5OZemCUfCTvsfuV3g5rPKDedE4AHuKfmS6CN2T9fiAvbDrFF
hse8TMJNPjo5iCJrndqqm1k84AAkBKvOPXYns5dw7DpbzMsopf1mkZTPsAx9ALu5
orMnbLicKV3pYcGHR+8i/NSRGmt4Pgiyqouzxcq/LkMf3wXavxL/MNW2V2qSNS0P
ufxxBWm2RqucUUbsKpJFXEyYaOeAqXE2lsdrtUYb+EVodpfQbKQ=
=jYeH
-----END PGP SIGNATURE-----
pgppWvwmiB0g0.pgp
Description: PGP signature
--- End Message ---
