-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 05 Apr 2026 16:42:49 +0200 Source: glance Architecture: source Version: 2:30.0.0-3+deb13u1 Distribution: trixie Urgency: medium Maintainer: Debian OpenStack Changed-By: Thomas Goirand Closes: 1131274 Changes: glance (2:30.0.0-3+deb13u1) trixie; urgency=medium . * CVE-2026-34881 / OSSA-2026-004: Server-Side Request Forgery (SSRF) vulnerabilities in Glance image import. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Add upstream patch: - OSSA-2026-004_Fix_SSRF_vulnerabilities_in_image_import_API.patch. (Closes: #1131274). * Refreshed debian/patches/sql_conn-registry.patch. Checksums-Sha1: 2b7e30703cf292e625b31822e53cbcef3946d61e 3725 glance_30.0.0-3+deb13u1.dsc 1a3a91c71f97c7d1df4176f23bd0d99c1f73464e 27968 glance_30.0.0-3+deb13u1.debian.tar.xz 508345cf969a3fc23615fb7d1495367e8797ced1 19283 glance_30.0.0-3+deb13u1_amd64.buildinfo Checksums-Sha256: b3decc88d9e1afc5b811b1823844fdf396d84b313c3530ebf1c7e1a5303fdb2c 3725 glance_30.0.0-3+deb13u1.dsc 6288569f8baf87961074640492c2fe02a89f107ad4f01687845b6a16b3750c73 27968 glance_30.0.0-3+deb13u1.debian.tar.xz b2fa80fda5b39bd56a5e5bb3151b3858fd88e2776d2f10877d4fa8bb64a94204 19283 glance_30.0.0-3+deb13u1_amd64.buildinfo Files: 6f1d84dbf0b3005a3a0360b023fa7417 3725 net optional glance_30.0.0-3+deb13u1.dsc 5aceb9a4ee91fd2311f843a78d9db8cd 27968 net optional glance_30.0.0-3+deb13u1.debian.tar.xz e920e4c23174f17007376be29614431d 19283 net optional glance_30.0.0-3+deb13u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmnTqF8ACgkQ1BatFaxr Q/7vcg//bI2hGJI121avDQicRQQv2fGZmKb0VxkA8R4wRNkVV8fKQ7TX4dNeckXK GSHH7YxxoCknIPJTuQjJg5IPh5gG6mQNvs+83CLjruNh9pVvIFHiH4mo5GL8Fy/3 VQCzi3dV76sQ27crM962DpeFecB3ZIFTtSvrFAs5x98Hlf+aQdh7pp3+Kn1BSppz Arj2H2OkaHjaCA2KnSH3RfhrHgq++9vzjaNkf+YoZxMpVr7Kf02hXEEFc4V0NXf+ GQ5wu4TGh/loJhydhSlofC5YZj//AGz6efy5X2o1HDzbIVqwqULlcdt7TelH5OFP NdEoxRM7ohUhfTfoQW/Yv7lBbJ9VNfbAAGQN/YeQ93/3nPlgd80hg5TKQ/1rdji7 9cJHPB4mlPiG5jVIjOaVgE+ZAv512hy6awU3pyuuGn9lHZVZmtoHwDbRngB/yPms i7RZHV956kgTVTEmdAOsYu/2WvmRh4XxbM75mJALX5YyqGgJCuLW3pO3dJUXIkia P+GQ5dq0ydwxnC7QEPSVelnWfXd338xHcBbFyhXcBPxhmpmtq39iYLVYcS3w/2W6 9SXsxnecpJTEZxrYUWc+Y3s7uErVVcyrLTz9dPIOpTGHgeNzwYAoKKsNW6FF3baU b25eFrU28bNAQuP2qPyTnCiC/Fdz7tV4vAbC3X+og/6QaKAc2jk= =dhpB -----END PGP SIGNATURE-----