Accepted glance 2:25.1.0-2+deb12u2 (source) into oldstable-proposed-updates

Debian FTP Masters Sat, 02 May 2026 13:49:09 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 19 Mar 2026 17:08:44 +0100
Source: glance
Architecture: source
Version: 2:25.1.0-2+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: Debian OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Closes: 1131274
Changes:
 glance (2:25.1.0-2+deb12u2) bookworm; urgency=medium
 .
   * CVE-2026-34881 / OSSA-2026-004:
     Server-Side Request Forgery (SSRF) vulnerabilities in Glance image import.
     By use of HTTP redirects, an authenticated user can bypass URL validation
     checks and redirect to internal services. Add upstream patch:
     - OSSA-2026-004_Fix_SSRF_vulnerabilities_in_image_import_API.patch.
     (Closes: #1131274).
Checksums-Sha1:
 ac0183853199f7db8c845026be3e2a4e126f1d81 3829 glance_25.1.0-2+deb12u2.dsc
 23f5c40a5360f1d0981f257a4e8ff07363576458 39816 
glance_25.1.0-2+deb12u2.debian.tar.xz
 7979021bd8e39a2f6b37dbaf4957d6a025eaa44b 19527 
glance_25.1.0-2+deb12u2_amd64.buildinfo
Checksums-Sha256:
 c4f55f941753f9e87cd379bc3136a0970d0d2432003b45f4d30f5de8d3cfde34 3829 
glance_25.1.0-2+deb12u2.dsc
 0b30e2296fc0dae6969899b434e41c44c514b4efd89edc885af1ba58cfbb8ab2 39816 
glance_25.1.0-2+deb12u2.debian.tar.xz
 75b4b8bfd3074f377470c79eb815ef75762e73bb22e17f737cc5e0bed2a2fb51 19527 
glance_25.1.0-2+deb12u2_amd64.buildinfo
Files:
 c7be626622b2fe8351e32760dcf8a206 3829 net optional glance_25.1.0-2+deb12u2.dsc
 b6bf1fb98f17a5f60ff365c1b434d355 39816 net optional 
glance_25.1.0-2+deb12u2.debian.tar.xz
 093bae98bb9f21fd2f26a2228cae88b0 19527 net optional 
glance_25.1.0-2+deb12u2_amd64.buildinfo

pgpLh67coyxRP.pgp
Description: PGP signature

Accepted glance 2:25.1.0-2+deb12u2 (source) into oldstable-proposed-updates

Reply via email to