Publishing details

• Published on 2023-04-29

Changelog

cinder (2:17.0.1-1+deb11u1) bullseye-security; urgency=high

  * CVE-2022-47951: By supplying a specially created VMDK flat image which
    references a specific backing file path, an authenticated user may convince
    systems to return a copy of that file's contents from the server resulting
    in unauthorized access to potentially sensitive data. Add upstream patch
    cve-2022-47951-cinder-stable-victoria.patch (Closes: #1029562).

 -- Thomas Goirand <email address hidden>  Wed, 18 Jan 2023 09:06:59 +0100

Builds

Package files

• cinder_17.0.1-1+deb11u1.debian.tar.xz (48.5 KiB)
• cinder_17.0.1-1+deb11u1.dsc (4.3 KiB)
• cinder_17.0.1.orig.tar.xz (3.8 MiB)