Back to glance PTS page

Accepted glance 2:17.0.0-5+deb10u1 (source) into oldstable

To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
Subject: Accepted glance 2:17.0.0-5+deb10u1 (source) into oldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Fri, 27 Jan 2023 12:30:20 +0000
Debian: DAK
Debian-architecture: source
Debian-archive-action: accept
Debian-changes: glance_17.0.0-5+deb10u1_source.changes
Debian-source: glance
Debian-suite: oldstable
Debian-version: 2:17.0.0-5+deb10u1
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=5m28bTRE/4u9dF0DjovFXSAgej/vr/zB8F3IBpQq0tc=; b=T9zxxOvbfLU1s0132SQbBi9ojq KEc9W1XHRXCtnQcPIabzQTNBPyc/yE0ZizGQwjGGyRGKu9XhxhpZL08o5Oy243k6ogJazhacCi4JV NurSsrSo3FhAvU5PUAeOLEtqzGywRYkiEbMbVsF1zR671ikphK/Uo6FNdWP90X6BR3/RH5Q357u/r r9MIZV/kxV2PnjfBc6cd6OjEi+yTe/2KsU5wofBgVPDSRes4uvQCTFE9h5SOJt1AGi4Kut++DGvyo uzNYWiFqp80o7NkomAfbXo1i/C3N+sEdf0uzQTvjzDpPri37yeEpXVrs7T3AjmS3bRdRPcpSHW8NN LaZIM2HQ==;
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1pLNs4-00HUSp-SS@seger.debian.org>
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 25 Jan 2023 14:39:24 +0100
Source: glance
Architecture: source
Version: 2:17.0.0-5+deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian OpenStack <team+openstack@tracker.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Closes: 1029563
Changes:
 glance (2:17.0.0-5+deb10u1) buster-security; urgency=medium
 .
   * Switch the default shell for Glance to be /bin/sh to allow scp / rsync of
     /var/lib/glance.
   * CVE-2022-47951: vulnerability in VMDK image processing. By supplying a
     specially created VMDK flat image which references a specific backing file
     path, an authenticated user may convince systems to return a copy of that
     file's contents from the server resulting in unauthorized access to
     potentially sensitive data. Added upstream patch:
     CVE-2022-47951-Enforce_image_safety_during_image_conversion.patch
     (Closes: #1029563).
Checksums-Sha1:
 5de7eb200b7d19b1f27453c5cb18dee044d468d8 4086 glance_17.0.0-5+deb10u1.dsc
 010033c159cd42719747c050de7145c5ff525a64 1419208 glance_17.0.0.orig.tar.xz
 f4ccca813d3bd766c509cb541428fe3728ccc4b6 22040 glance_17.0.0-5+deb10u1.debian.tar.xz
 d5b8823af099432c10bd13ad9861837d84179a68 17129 glance_17.0.0-5+deb10u1_amd64.buildinfo
Checksums-Sha256:
 6d2477356d833ab6dd50c1772d196fe149cf13ae7c3615efa73cf6578dc1eaea 4086 glance_17.0.0-5+deb10u1.dsc
 dab83599dbc9158eb20e33fc946e3bad136af32acd157c62228ec3416db9c9a4 1419208 glance_17.0.0.orig.tar.xz
 f32311438e898d73043dcd1d14ce280875f0c5e275336695f2b00bb27334aa9e 22040 glance_17.0.0-5+deb10u1.debian.tar.xz
 d295885d0b17933a016ed89c016698eeec65326db38c68d183d4c02c5cc3160f 17129 glance_17.0.0-5+deb10u1_amd64.buildinfo
Files:
 6566713f76e97c5d61eb322f7834191c 4086 net optional glance_17.0.0-5+deb10u1.dsc
 4cd30369e26959ab92257f97fcb38554 1419208 net optional glance_17.0.0.orig.tar.xz
 164db271671ccaff49356f7c99567dfe 22040 net optional glance_17.0.0-5+deb10u1.debian.tar.xz
 4bf91dd2c4b17e492f9a21b8744e8026 17129 net optional glance_17.0.0-5+deb10u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmPTwGcACgkQ1BatFaxr
Q/4NRQ/7BiU/dxFO70ZNrakCyNjaa4+LWPJuBgCWHMwiMQLnMpNnsZvFDbtPGPX6
tX/h5cw5i54821R1NLYcYclTKSntpNgQZY3DlJPsA2/KH4V+rydapAv8KN4+a6mf
r1zcN/nFK9479SevwuR9fGJnJqyCDs64dz2drxlEDcLokpjdPMWwKS6p6ayL7bB8
VvFqv9zLoVsVTBnY7RKWfQXkxxnT912HImizTmQM7CjTG3AsMh+x31GG9gIW4SXI
+NRT44UT8u2LdjWBKCrW1YHxFirHe5JOoRXG5QwFJMDQuUxHpATD9KkDLRdp12Rg
PUHSCaS0szDzy+MNi9DGh5/qNy5c8i9Ex2hilaNLlZBf1c/hfyqZSR3jLi4dPq1H
kVlIkeQyaZ0sua3E4yCYWhOqFEGBCegJXibtDymhxyvJQM4DG3KKrwAzdd2xzYCA
XhbXSthzAW38MihIs0GJVji0n6t2AixTmtgQ7OlYMcYLtx4Qt5gRStSMWJh+3iSh
wjljCrf2wA1vjGZdcrUjF0P7QaX8HAA0od1RgYmfzTOfI3O4QIRz8+JDag1sQVDe
zlxYYLk4VR1BAAga8awsYzXjibu1SzF3daXiUrE2YkXrXY6zAviyI+j8+WK7kSYM
WHpFMsnWcwfiK5FbYDphcDNT+ZCuvlEqvIQ7qKpoQr+3TKbIiPw=
=MLvA
-----END PGP SIGNATURE-----