Accepted nova 2:31.0.0-6+deb13u2 (source) into proposed-updates

Thu, 19 Feb 2026 15:04:46 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 06 Feb 2026 10:34:57 +0100
Source: nova
Architecture: source
Version: 2:31.0.0-6+deb13u2
Distribution: trixie-security
Urgency: high
Maintainer: Debian OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Closes: 1128294
Changes:
 nova (2:31.0.0-6+deb13u2) trixie-security; urgency=high
 .
   * CVE-2026-24708/OSSA-2026-002: By writing a malicious QCOW header to a root
     or ephemeral disk and then triggering a resize, a user may convince Nova's
     flat image backend to call qemu-img without a format restriction resulting
     in an unsafe image resize operation that could destroy data on the host
     system. Appiled upstream patch (Closes: #1128294):
     - cve-2026-24708-make-disk.extend-pass-format-to-qemu-img-2025.1.patch
Checksums-Sha1:
 3bf370973e2ba316a2428971985115fb83ddde4e 4854 nova_31.0.0-6+deb13u2.dsc
 9bfd90e7c79db45773b7ef1a24814974c9a0aa62 6124328 nova_31.0.0.orig.tar.xz
 82bded559a32bbfc9668e5531e1cc21a7c2e57ca 72812 
nova_31.0.0-6+deb13u2.debian.tar.xz
 58b94664b73a353235906238a6692c645dcbeeaa 26107 
nova_31.0.0-6+deb13u2_amd64.buildinfo
Checksums-Sha256:
 ecf919d3a492522295f2ba5b414973fac45a6a47b71abc205ae65c9d6908857c 4854 
nova_31.0.0-6+deb13u2.dsc
 51662e6eafcb3a278f6629683494094f587188fda4e8812ab23709a30dc579bc 6124328 
nova_31.0.0.orig.tar.xz
 e67f4ce1ba1f08a512ed01001ddcc7db0a6ea0c4bf036c8b904e9f08e57ae5dc 72812 
nova_31.0.0-6+deb13u2.debian.tar.xz
 adbb0f0c959d567c11e685d74960f7001767a9975ffa7870e0e05ab1a34a6a6a 26107 
nova_31.0.0-6+deb13u2_amd64.buildinfo
Files:
 d9a8c7606a6a6aff48bee499c2e5f755 4854 net optional nova_31.0.0-6+deb13u2.dsc
 3d75440c9b58a64b74b46a13a74c55ce 6124328 net optional nova_31.0.0.orig.tar.xz
 3d7908ae40239183929571a037a54774 72812 net optional 
nova_31.0.0-6+deb13u2.debian.tar.xz
 e30fd70e2bd85ee5e80a2b8df1409aa7 26107 net optional 
nova_31.0.0-6+deb13u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmmUiB4ACgkQ1BatFaxr
Q/6hVQ/8Dxti8mjRBuSa3xWak1+qr3XeCizIVrv1naHS5UXMcZlWHbcvO/mdEWJ+
R3cY0MFPHVZ17ltv/EL4TEh9ZtdFshCvrM5VpuQzrYBMZrfkclv1InWZsnrBp7rt
Ip/AS6UXW03svx1RAb6X+DPg8XQ/+F81lkwrXStMTBmZRh7M1zQRfG9lDH86OZux
bdo0rzFKmVih3nPvKLoRCKOFoRe1CMW8OgzzfVLgd7PpYsMEnAcUsV3QeHfA2SM1
/Mc0a9NibpLtnPdRcvWHoaVXGDgwRgJvCk4BCx0rwuU5VjMnL/FPsBanPqSVkAyI
KnYJHbN31Z2GolkTxKdQmkuSnVKh+B6CorWqWpgecE2nFfgwL1uM3Sd9ZA5bRhDV
1/nsv2gruUxrjK0fTVpv3cfGdveqNGDwOqnSMDNY5e6WOodtBYv+ebuPw6zDUSzj
cQPUGLexy982jnVdawnFh6tSo0nJjJKuhlUptJ9ohYbSuR9HOwFKGFksjVn4Q719
x9wNYdH3PBiQe6+HesWVscNXGe8O0L2it8o7VFb1WnbMTNSU4Zg06F69O/dgrQKu
dmX4sdflh2XLnNQsm1FzU5I/iFSIWSeQ8sYUNq7BOQ4uBUHKqAnvsPsy3qnQGHw4
4QMBWH/nEotAjUQeVQTrcMdafEW0t+Jb1enhFcc3YBpNhCJ3yUY=
=M5ja
-----END PGP SIGNATURE-----

Attachment: pgpv9tea1TBDB.pgp
Description: PGP signature

Reply via email to