Package "cinder-common"

  cinder (2:20.3.1-0ubuntu1.4) jammy-security; urgency=medium

  * SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
    (LP: #2059809)
    - debian/patches/CVE-2024-32498.patch: check for external qcow2 data
      file.
    - debian/control: added qemu-utils to Build-Depends so qemu-img is
      available for new tests.
    - CVE-2024-32498

 -- Marc Deslauriers <email address hidden> Fri, 28 Jun 2024 18:00:06 -0400

  cinder (2:20.2.0-0ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
    - debian/patches/CVE-2023-2088.patch: Reject unsafe delete
      attachment calls.
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Wed, 31 May 2023 16:26:58 -0400

  cinder (2:20.1.0-0ubuntu2.2) jammy-security; urgency=medium

  * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
    - debian/patches/series: Do not apply CVE-2023-2088.patch until
      patches are ready for all upstream OpenStack projects.
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Thu, 18 May 2023 11:40:16 -0400

  cinder (2:20.1.0-0ubuntu2.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Unauthorized File Access
    - debian/patches/CVE-2023-2088.patch: Reject unsafe delete
      attachment calls.
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Thu, 04 May 2023 15:55:29 +0200

  cinder (2:20.1.0-0ubuntu1) jammy-security; urgency=medium

  * New stable point release for OpenStack Yoga (LP: #2004030).

 -- Corey Bryant <email address hidden> Fri, 27 Jan 2023 10:57:40 -0500