[Git][security-tracker-team/security-tracker][master] dla: re-add nova

Sylvain Beucler (@beuc) beuc at debian.org
Thu Mar 2 12:56:11 GMT 2023 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f34a70c0 by Sylvain Beucler at 2023-03-02T13:56:21+01:00
dla: re-add nova

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -167,6 +167,20 @@ node-nth-check
   NOTE: 20221223: Module has been rewritten in Typescript since Buster released (lamby).
   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/node-nth-check.git
 --
+nova
+  NOTE: 20230302: Programming language: Python.
+  NOTE: 20230302: VCS: https://salsa.debian.org/openstack-team/services/nova
+  NOTE: 20230302: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/OpenStack.html
+  NOTE: 20230302: Maintainer notes: Contact original maintainer: zigo.
+  NOTE: 20230302: zigo says that DLA 3302-1 ships a buster-specific CVE-2022-47951 backport that introduces regression
+  NOTE: 20230302: (it's meant to check whether a VMDK image has the "monoliticFlat" subtype, but in practice it breaks compute nodes);
+  NOTE: 20230302: cf. debian/patches/cve-2022-47951-nova-stable-rocky.patch, which depends on images_*.patch.
+  NOTE: 20230302: "The upstream patch introduces a whitelist of allowed subtype (with monoliticFlat disabled by default).
+  NOTE: 20230302:  Though in the Buster codebase, there was no infrastructure to check for this subtype ..." (zigo)
+  NOTE: 20230302: Later suites (e.g. bullseye) ship a direct upstream patch and are not affected.
+  NOTE: 20230302: We can either rework the patch, or disable .vmdk support entirely.
+  NOTE: 20230302: zigo currently has no time and requests the LTS team to do it (IRC #debian-lts 2023-03-02). (Beuc/front-desk)
+--
 nvidia-graphics-drivers
   NOTE: 20221225: Programming language: binary blob.
   NOTE: 20230103: Cf. on-going discussion on nvidia support (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f34a70c0ad16a314556b288330d49c8460e11495

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f34a70c0ad16a314556b288330d49c8460e11495
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230302/97122fbc/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list