-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 3.0 (quilt) Source: cinder Binary: python-cinder, cinder-common, cinder-api, cinder-volume, cinder-scheduler, cinder-backup Architecture: all Version: 2014.1.3-11+deb8u1 Maintainer: PKG OpenStack <[email protected]> Uploaders: Thomas Goirand <[email protected]>, Gustavo Panizzo <[email protected]> Homepage: http://cinder.openstack.org/ Standards-Version: 3.9.6 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=openstack/cinder.git;a=summary Vcs-Git: git://anonscm.debian.org/openstack/cinder.git Build-Depends: debhelper (>= 9), dh-systemd, openstack-pkg-tools (>= 22~), po-debconf, python-all (>= 2.6.6-3~), python-pbr (>= 0.6), python-setuptools, python-sphinx Build-Depends-Indep: python-amqplib, python-anyjson (>= 0.3.3), python-babel (>= 1.3), python-coverage (>= 3.6), python-daemon, python-eventlet (>= 0.13.0), python-fixtures (>= 0.3.14), python-glanceclient (>= 1:0.9.0), python-greenlet (>= 0.3.2), python-hacking (>= 0.8.0), python-hp3parclient (>= 3.0), python-hplefthandclient, python-iso8601 (>= 0.1.9), python-keystoneclient (>= 1:0.7.0), python-kombu (>= 2.5.12), python-lockfile, python-lxml, python-migrate (>= 0.8.2), python-mock (>= 1.0), python-mox, python-mysqldb, python-netaddr, python-novaclient (>= 2:2.17.0), python-oslo.config (>= 1:1.2.1), python-oslo.messaging (>= 1.3.0~a9), python-oslo.rootwrap, python-oslosphinx, python-paramiko (>= 1.9.0), python-paste, python-pastedeploy, python-psycopg2, python-requests (>= 1.1), python-routes, python-rtslib-fb, python-six (>= 1.6.0), python-sqlalchemy, python-stevedore (>= 0.14), python-subunit (>= 0.0.18), python-suds, python-swiftclient (>= 1:1.6.0), python-taskflow (>= 0.1.3), python-testtools (>= 0.9.34), python-webob (>= 1.2.3), subunit (>= 0.0.18), testrepository (>= 0.0.18) Package-List: cinder-api deb net extra arch=all cinder-backup deb net extra arch=all cinder-common deb net extra arch=all cinder-scheduler deb net extra arch=all cinder-volume deb net extra arch=all python-cinder deb python extra arch=all Checksums-Sha1: 87ac3f63c7a400517b27485a3cd28503371c918b 1057900 cinder_2014.1.3.orig.tar.xz 8c4b4f50548effcdfe9d66ebca11ead4c888a5b8 388652 cinder_2014.1.3-11+deb8u1.debian.tar.xz Checksums-Sha256: f552a73ecc1024aa765029171a50abebb5bfaf4d2d0f3384558118406ceadedc 1057900 cinder_2014.1.3.orig.tar.xz a93ba1d1b8b49807fe94b488e9ac2b8ef4bdc3ef8cc4dcefb1bde06a68df32c2 388652 cinder_2014.1.3-11+deb8u1.debian.tar.xz Files: 915ad0a7b5ae87a55362c984f2bfaa93 1057900 cinder_2014.1.3.orig.tar.xz c5ee30d39dbf95b9b8501b9c68748832 388652 cinder_2014.1.3-11+deb8u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJVg8jAAAoJENQWrRWsa0P+578P/i/PbZJYH3eQc8M8PDWDCXh2 9x5MVRL/tG7y9So03qyPhkQTgHP523awHoeL1/YqjKuqRsrXDQiCO1401eZJp1Hu /n+L5xCA+zvFRtOBdMVFeMLpOPk9KVqC9giVethThp4VwhnXu4/hmj+auvxyuBvv oM74zJF3cqX4XQAE/wEdNW3PZwknL3YdUt5Bain8FfIIlXambO9F3XM/DbBE2ioH psNckUVreIYNQPFNb4JEdTzWrsLoJ1QXFRWOCJRiZBxfD9d18Qi8umwQh9ES+9Ml iNyXSPigj/QbFZb/lgKR0/oB20F7ASG+CBSVKvj+ZF5Sk1xIwzCRszxkN3D0yYXE 5H5UBcaq0VcWICwAxdPPB3QR3V7micyTXQ79dDaAbJVXrmuVc/fxnHbR6nk34mAE URzXD6efzod7vikl6dTscbdhrKiNaokLw++v76mr/xYWA9f1d5K8kK2IBL3peGoM GLI3ipIYsQQ9dPj8B2BCNSS/z5Q4ESo+djHnsAyn10WURoo8+hw4sWdNCIwOJ4ZU H+b4BHSoDcZSTuqwpZ/Pduw9D+tkXCZ2n60YazaU0jsVV2XepwLmgtd9+9APcOHl oPmy1IerbTmJZFvCxaWBUbw9GS63ZQYxXh3RD2cCDCzhlPw+eEkpDqkvc5pN0ZSY OTSDfx6tWQve0HH+K0Dc =hqD5 -----END PGP SIGNATURE----- Changes: cinder (2014.1.3-11+deb8u1) jessie-security; urgency=medium * CVE-2015-1851: Cinder host file disclosure through qcow2 backing file. Applied upstream patch (Closes: #788996): Disallow_backing_files_when_uploading_volumes_to_image.patch -- Thomas Goirand <[email protected]> Wed, 17 Jun 2015 00:07:12 +0200
