cinder (2:21.0.0-3)
[PTS] [DDPO]
OK: VCS matches the version in the archive
- Git: https://salsa.debian.org/openstack-team/services/cinder.git
-
- Branch: debian/zed
- Path: debian/changelog
- Repo size: 150663168
- Browser: https://salsa.debian.org/openstack-team/services/cinder
- Last scan: 2023-01-27 15:07:50+00
- Next scan: 2023-02-04 03:54:00+00
- Merge requests: 1
- CI pipeline status: failed
- Debian changelog in Git:
cinder (2:21.0.0-3) unstable; urgency=high
* CVE-2022-47951: By supplying a specially created VMDK flat image which
references a specific backing file path, an authenticated user may convince
systems to return a copy of that file's contents from the server resulting
in unauthorized access to potentially sensitive data. Add upstream patch
CVE-2022-47951_Check_VMDK_subformat_against_an_allowed_list.patch
(Closes: #1029562).
-- Thomas Goirand <zigo@debian.org> Tue, 24 Jan 2023 17:19:39 +0100
- This branch is even with tag debian/21.0.0-3