Format: 1.8 Date: Fri, 10 Feb 2023 04:30:14 +0000 Source: cinder Binary: cinder-api cinder-backup cinder-common cinder-scheduler cinder-volume python-cinder Architecture: source Version: 2:12.0.10-0ubuntu2.2~cloud0 Distribution: xenial Urgency: medium Maintainer: Ubuntu Developers Changed-By: Openstack Ubuntu Testing Bot Description: cinder-api - Cinder storage service - API server cinder-backup - Cinder storage service - Scheduler server cinder-common - Cinder storage service - common files cinder-scheduler - Cinder storage service - Scheduler server cinder-volume - Cinder storage service - Volume server python-cinder - Cinder Python libraries Changes: cinder (2:12.0.10-0ubuntu2.2~cloud0) xenial-queens; urgency=medium . * New update for the Ubuntu Cloud Archive. . cinder (2:12.0.10-0ubuntu2.2) bionic-security; urgency=medium . * SECURITY UPDATE: Arbitrary file access - debian/patches/CVE-2022-47951.patch: Check VMDK subformat against an allowed list. - debian/patches/use_json_format.patch: switch qemu_img_info to json format. - CVE-2022-47951 Checksums-Sha1: 99b30cc63ed59c343b62976546e9771d67910701 4747 cinder_12.0.10-0ubuntu2.2~cloud0.dsc 53963bd017350ead613b8fbc37ea8c0b6500a947 5370355 cinder_12.0.10.orig.tar.gz 15ea16f784e6cc5ada11d848bbcebcbcc64409f0 27648 cinder_12.0.10-0ubuntu2.2~cloud0.debian.tar.xz Checksums-Sha256: 4957a808c64aaa8ab86d89e78022861e351d18efac19642cdd5c5e6732b1fa33 4747 cinder_12.0.10-0ubuntu2.2~cloud0.dsc 4e1755fccb21989590ce476ab684c40e7034b74ce7190f6fd3014f274b92b2e4 5370355 cinder_12.0.10.orig.tar.gz 4e8777642ef955489a2b31a6cc121489880853c802b7bdaa4a48c25eb52f443d 27648 cinder_12.0.10-0ubuntu2.2~cloud0.debian.tar.xz Files: a78ab157684fa48be5a952fe1dab2563 4747 net extra cinder_12.0.10-0ubuntu2.2~cloud0.dsc a2f1db001585a3f1a4a9091f8d83fc4d 5370355 net extra cinder_12.0.10.orig.tar.gz 70e1c1d9bcec7191bd1aaa042a16dd25 27648 net extra cinder_12.0.10-0ubuntu2.2~cloud0.debian.tar.xz Original-Maintainer: Chuck Short