Format: 1.8
Date: Thu, 19 Mar 2026 17:08:44 +0100
Source: glance
Architecture: source
Version: 2:25.1.0-2+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: Debian OpenStack
Changed-By: Thomas Goirand
Closes: 1131274
Changes:
 glance (2:25.1.0-2+deb12u2) bookworm; urgency=medium
 .
   * CVE-2026-34881 / OSSA-2026-004: Server-Side Request Forgery (SSRF)
     vulnerabilities in Glance image import. By use of HTTP redirects, an
     authenticated user can bypass URL validation checks and redirect to
     internal services. Add upstream patch:
     - OSSA-2026-004_Fix_SSRF_vulnerabilities_in_image_import_API.patch.
     (Closes: #1131274).