Accepted nova 2:32.1.0-7 (source) into unstable

Tue, 17 Feb 2026 07:19:22 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 06 Feb 2026 00:32:36 +0100
Source: nova
Architecture: source
Version: 2:32.1.0-7
Distribution: unstable
Urgency: high
Maintainer: Debian OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Closes: 1128294
Changes:
 nova (2:32.1.0-7) unstable; urgency=high
 .
   * CVE-2026-24708/OSSA-2026-002: By writing a malicious QCOW header to a root
     or ephemeral disk and then triggering a resize, a user may convince Nova's
     flat image backend to call qemu-img without a format restriction resulting
     in an unsafe image resize operation that could destroy data on the host
     system. Appiled upstream patch (Closes: #1128294):
     - cve-2026-24708-make-disk.extend-pass-format-to-qemu-img-2025.2.patch
   * Cleans better.
Checksums-Sha1:
 55fdde7cc70553b5ee35f08de25923bd0f28c86b 4676 nova_32.1.0-7.dsc
 c19f97ab577f7c05ee949c20a012c389f955a018 69360 nova_32.1.0-7.debian.tar.xz
 454bb3c266bb29785a5f6b5870028eea820905d8 25575 nova_32.1.0-7_amd64.buildinfo
Checksums-Sha256:
 b26c2b258b23f4cdb6229e1e2f884cba1c739daac9fdc408fcd5dd5e6c712ae1 4676 
nova_32.1.0-7.dsc
 acfa686dd7a3607b3e475c6b122195c64ae15067dc2fa352a0805e20f07bf7bf 69360 
nova_32.1.0-7.debian.tar.xz
 a888bd909540b8e0570969bd6bef1ddb2ba2dd5b02540a8828625d5ecad11be0 25575 
nova_32.1.0-7_amd64.buildinfo
Files:
 7ddc7b155f29b0ff6ec670173660fb8e 4676 net optional nova_32.1.0-7.dsc
 c7c51691fe9bc6f3ed0ecf1223ebf823 69360 net optional nova_32.1.0-7.debian.tar.xz
 9b940ec65044beb2c1c05460c94b18cc 25575 net optional 
nova_32.1.0-7_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmmUhLIACgkQ1BatFaxr
Q/7+KA//XL7pXx+iqLTW0Keb/ybbm3Nbat2BNnw2DjR/EsK2EkpeX3MgwtDc8Tna
UkNRDd3tvjhTNeQ/XNc0SIfoAjMc663OEDvZrDvyCu6qz/74TL9VY0ECr+T5s7Fq
zYGjGsLP8RoC2IN9tipTEkaBMEHduu7SCHWM8sHLt0pgm8tXa2tUhJnG3jkKSclD
6e24jqP1PXOhxv8lA7UXhuSwfKs/4ZV2Z0OpEvk6rR1k8dqdOYgKdBqbrVXNh4Xk
RrCvdpQk9/oG01n3c4HcycBLHZscV3CtK9T8xqp2IgkNnfg6rK5j83zrZs3ozLlm
YdDDCkk/MlkmTffgBwN1p+IbfIFwqsZyLgLluuN5ERcNA317ZobgLBwBSpSWDQto
IZfLf3E8+OkUh+MkbglcdFlcQrg8CUEXtoMjFhxz3adm8/WadLK6H/gjiiYPme9D
GdI63tQkiaLGKbS0lHoNkaqdlkw+Mbc0mT+9eTQ5FaX6+Q1CZFphKIKbsIJ5qZh5
mXXfen4iLq6cN5w0tcpcjHpPZVeJRuGq4Px7b9xSZJsFTV2Y7cO248DQ9Q8ABM+K
SIPjzrofIMilndfyV5zI9YDI0NWp1zKMyc5UMuCwf413X0N/Ze8XxlgTHXNsp35h
z9zd7Pz15mHHt6OKrOSep0UDnMQJvpqKKqt9UHF1sI99U1cbVcY=
=x8So
-----END PGP SIGNATURE-----

Attachment: pgpKP0uuhSRfq.pgp
Description: PGP signature

Reply via email to