Control: tag -1 pending Hello,
Bug #1128294 in nova reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/openstack-team/services/nova/-/commit/299dce4942f9d178393d32ad95ab52743a032a62 ------------------------------------------------------------------------ * CVE-2026-24708/OSSA-2026-002: By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's flat image backend to call qemu-img without a format restriction resulting in an unsafe image resize operation that could destroy data on the host system. Appiled upstream patch (Closes: #1128294): - cve-2026-24708-make-disk.extend-pass-format-to-qemu-img-2025.1.patch ------------------------------------------------------------------------ (this message was generated automatically) -- Greetings https://bugs.debian.org/1128294
