Back to nova PTS page

Accepted nova 2:18.1.0-6+deb10u2 (source) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted nova 2:18.1.0-6+deb10u2 (source) into oldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Fri, 27 Jan 2023 13:20:19 +0000
Debian: DAK
Debian-architecture: source
Debian-archive-action: accept
Debian-changes: nova_18.1.0-6+deb10u2_source.changes
Debian-source: nova
Debian-suite: oldstable
Debian-version: 2:18.1.0-6+deb10u2
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=eLQ32ZDOZv3fgHFmteHUR3/hPUfIGKJ/9e1b3+U15qc=; b=jVvZpVW+qusB1BHdJG575rBAwC QW2bU5SKm5jcZ1GAU8S1kndPIS8WPIEpu4urOuGbHimqX35fL+Zy4tW+MpgAHyKRbGaSS1021JGOq lpdwWfhvQxZJ5uwu/J0/ghIZTxOkR+Z2vC4lX9uNiK53+hOjjiespB3dD8frQs+776Ibt7RYfarp4 5Fz6VD+5s70bVo2HtgrA5DgOH7bcV292Xka94gAd0cPcj0bq6YN5w9o1iDIe3cpSXQ9EKjP0oHN/5 o5iZj8yyMezTxDlYno8mdCwbEmux65STZv7BTmdJHJ4Df/Y4CvsUByZXgs05QINY5WvjBNZeAFxca iV1Ds2hg==;
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1pLOeR-0003Bq-UD@seger.debian.org>
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 27 Jan 2023 11:32:53 +0100
Source: nova
Architecture: source
Version: 2:18.1.0-6+deb10u2
Distribution: buster-security
Urgency: medium
Maintainer: Debian OpenStack <team+openstack@tracker.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Closes: 1029561
Changes:
 nova (2:18.1.0-6+deb10u2) buster-security; urgency=medium
 .
   * CVE-2022-47951: By supplying a specially created VMDK flat image which
     references a specific backing file path, an authenticated user may convince
     systems to return a copy of that file's contents from the server resulting
     in unauthorized access to potentially sensitive data. Add upstream patches
     (Closes: #1029561):
     - cve-2022-47951-nova-stable-rocky.patch
     - images_Make_JSON_the_default_output_format_of_calls_to_qemu-img_info.patch
     - images_Move_qemu-img_info_calls_into_privsep.patch
   * Fixed minimum version of python3-oslo.utils (>= 3.36.5-0+deb10u3~),
     required by the above CVE patch.
   * Build-depends on qemu-utils (needed for new tests).
   * Blacklist non-working tests:
     - test_convert_image_with_prlimit_fail
     - test_qemu_img_info_with_disk_not_found
     - test_create_cow_image
Checksums-Sha1:
 24f5f1844185d5fb1a892addc1c7173fd26c7524 5892 nova_18.1.0-6+deb10u2.dsc
 d479978a9479de7a80b5cb4d058f1800b697452d 10826849 nova_18.1.0.orig.tar.gz
 2926f9e93310a9c88195fe208f48741c4e6e2fd5 73928 nova_18.1.0-6+deb10u2.debian.tar.xz
 384adb681fa94c64303f50cb34105c1b7865b56b 25043 nova_18.1.0-6+deb10u2_amd64.buildinfo
Checksums-Sha256:
 7ad52890c9c0a8ec2ba6cb819da751005d42e7b4d86a3a842071c46ad0ae0010 5892 nova_18.1.0-6+deb10u2.dsc
 27e2fb0b5c7419a40b433730a9e9ecfab9662a9a6ebbdc99ee78aedeb2dee32b 10826849 nova_18.1.0.orig.tar.gz
 b0936d987dd3b00632ea7900bfb16786bbb357d81fcaf638e5788152d2ccd902 73928 nova_18.1.0-6+deb10u2.debian.tar.xz
 1e3d522d1e0c60ac135034c756e12d4a9ea17236ef10cc6d88a6c6c167572cee 25043 nova_18.1.0-6+deb10u2_amd64.buildinfo
Files:
 f25cceb3e1ffea83f42d988a9179366e 5892 net optional nova_18.1.0-6+deb10u2.dsc
 0178de51807cfa0dd05ecb32773dd246 10826849 net optional nova_18.1.0.orig.tar.gz
 64421b2831dd17f3002a89cc8580a37d 73928 net optional nova_18.1.0-6+deb10u2.debian.tar.xz
 06aaf6e9dedff7cc3a106f41580f4223 25043 net optional nova_18.1.0-6+deb10u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmPTyuAACgkQ1BatFaxr
Q/5v2Q/8C1F651RY40+e5DYSpDG2JLdh0Ph40y/30X7doOYXJudUzgqFkl2SV+eI
KsTVHGGhuufUMEP+0YZuGmsHwfbTSQko6sGR1ElwcEWOoN2Ux+P6Dg+rzQRlIV98
U2psdxcsfiveX0FeOyGOt46cKKBH+Dyb/Quuq919/ChPTPrkG2Pb4Z6zemWWpfmZ
r0hE21oIuu1PzJvqwXuimIUhFv+UO0U26KLnHGLWenEV8xBRJK9MvJRmeyrj5iVm
wTdH9a89hol0Lt5ZXFldl9q8aS93naH+wiA0jdFwYItGIOICd1NGHgWAd7tRBBEm
mMXvcIWDLluiBfthoLiQAT+Fkdhhjo0Oi45XVFLtkdvY1wiXG1dwd8GE8/8Kn53/
IfsovrHXYSFuxbrkjX9voMmvqVZAqoEeV9ouVb7Hh3CbyuvVtqfZii441G56JuEM
mNXCxyCaVsH5IfJdcgPsnxt11g9zgVlz7jTEX6VdNIuNtPq3Q+jdTb5EoBP7RkEH
b6WRf+7lhvj+oMf6+Tve30X0iDa9RScw8+6U1YocIU0WVRGQztp3pnkmkRISj15k
MySl80v5sbNXV4xKe5Pl2cr804H3ZtRqE14B8PDAJfwFZZPrLf/eKgQ9ueCVdRck
pwQb/pC6EkzXO3z2mgYeCWQqe6dWsvgCNhaJP8nWKVJG/FnrZ3A=
=y+II
-----END PGP SIGNATURE-----