UbuntuUpdates.org

Package "glance-api"

Name: glance-api

Description:

OpenStack Image Registry and Delivery Service - API

Latest version: 2:20.2.0-0ubuntu1.2
Release: focal (20.04)
Level: updates
Repository: main
Head package: glance
Homepage: https://launchpad.net/glance

Links


Download "glance-api"


Other versions of "glance-api" in Focal

Repository Area Version
base main 2:20.0.0~b3~git2020041012.d5a0ce18-0ubuntu1
security main 2:20.2.0-0ubuntu1.2

Changelog

Version: 2:20.2.0-0ubuntu1.2 2024-07-08 16:07:09 UTC

  glance (2:20.2.0-0ubuntu1.2) focal-security; urgency=medium

  * SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
    (LP: #2059809)
    - debian/patches/CVE-2024-32498-pre1.patch: stream-friendly disk format
      inspection module.
    - debian/patches/CVE-2024-32498-pre2.patch: fix unintentional exception
      inspecting VMDK.
    - debian/patches/CVE-2024-32498-pre3.patch: limit CaptureRegion sizes
      in format_inspector for VMDK and VHDX.
    - debian/patches/CVE-2024-32498-pre4.patch: support Stream Optimized
      VMDKs.
    - debian/patches/CVE-2024-32498-pre5.patch: add missing fail case tests
      for image_conversion.
    - debian/patches/CVE-2024-32498-pre6.patch: make action wrapper support
      arbitrary properties.
    - debian/patches/CVE-2024-32498-pre7.patch: make image_conversion use
      action wrapper.
    - debian/patches/CVE-2024-32498-pre8.patch: update image.size after
      conversion.
    - debian/patches/CVE-2024-32498-1.patch: reject qcow files with
      data-file attributes.
    - debian/patches/CVE-2024-32498-2.patch: extend format_inspector for
      QCOW safety.
    - debian/patches/CVE-2024-32498-3.patch: add VMDK safety check.
    - debian/patches/CVE-2024-32498-4.patch: reject unsafe qcow and vmdk
      files.
    - debian/patches/CVE-2024-32498-5.patch: add QED format detection to
      format_inspector.
    - debian/patches/CVE-2024-32498-6.patch: add file format detection to
      format_inspector.
    - debian/patches/CVE-2024-32498-7.patch: add safety check and detection
      support to FI tool.
    - debian/control: added qemu-utils to Build-Depends so qemu-img is
      available for new tests.
    - CVE-2024-32498

 -- Marc Deslauriers <email address hidden> Wed, 03 Jul 2024 14:14:53 -0400

Source diff to previous version
CVE-2024-32498 An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom

Version: 2:20.2.0-0ubuntu1.1 2023-01-31 16:07:16 UTC

  glance (2:20.2.0-0ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: Arbitrary file access
    - debian/patches/CVE-2022-47951.patch: Enforce image safety
      during image_conversion.
    - CVE-2022-47951

 -- Corey Bryant <email address hidden> Sun, 29 Jan 2023 10:53:07 -0500

Source diff to previous version
CVE-2022-47951 An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and

Version: 2:20.2.0-0ubuntu1 2021-11-30 19:07:15 UTC

  glance (2:20.2.0-0ubuntu1) focal; urgency=medium

  * New stable point release for OpenStack Ussuri (LP: #1948914).

 -- Chris MacNaughton <email address hidden> Thu, 28 Oct 2021 07:01:56 +0000

Source diff to previous version
1948914 [SRU] Ussuri stable releases

Version: 2:20.1.0-0ubuntu1 2021-09-20 20:06:18 UTC

  glance (2:20.1.0-0ubuntu1) focal; urgency=medium

  * d/control: Update VCS paths for move to lp:~ubuntu-openstack-dev.
  * d/watch: Add trailing slash to fix download.
  * New stable point release for OpenStack Ussuri (LP: #1941048).

 -- Chris MacNaughton <email address hidden> Wed, 25 Aug 2021 12:03:41 +0000

Source diff to previous version

Version: 2:20.0.1-0ubuntu1 2020-09-15 17:06:20 UTC

  glance (2:20.0.1-0ubuntu1) focal; urgency=medium

  * New stable point release for OpenStack Ussuri (LP: #1892139).

 -- Chris MacNaughton <email address hidden> Wed, 19 Aug 2020 07:32:43 +0000

1892139 [SRU] ussuri stable releases



About   -   Send Feedback to @ubuntu_updates