-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 06 Feb 2026 10:34:57 +0100
Source: nova
Binary: nova-api nova-common nova-compute nova-compute-ironic nova-compute-kvm nova-compute-lxc nova-compute-qemu nova-conductor nova-consoleproxy nova-doc nova-scheduler python3-nova
Architecture: all
Version: 2:31.0.0-6+deb13u2
Distribution: trixie-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description:
 nova-api   - OpenStack Compute - compute API frontend
 nova-common - OpenStack Compute - common files
 nova-compute - OpenStack Compute - compute node
 nova-compute-ironic - OpenStack Compute - compute node (Ironic)
 nova-compute-kvm - OpenStack Compute - compute node (KVM)
 nova-compute-lxc - OpenStack Compute - compute node (LXC)
 nova-compute-qemu - OpenStack Compute - compute node (QEmu)
 nova-conductor - OpenStack Compute - conductor service
 nova-consoleproxy - OpenStack Compute - NoVNC proxy
 nova-doc   - OpenStack Compute - documentation
 nova-scheduler - OpenStack Compute - virtual machine scheduler
 python3-nova - OpenStack Compute - libraries
Closes: 1128294
Changes:
 nova (2:31.0.0-6+deb13u2) trixie-security; urgency=high
 .
   * CVE-2026-24708/OSSA-2026-002: By writing a malicious QCOW header to a root
     or ephemeral disk and then triggering a resize, a user may convince Nova's
     flat image backend to call qemu-img without a format restriction resulting
     in an unsafe image resize operation that could destroy data on the host
     system. Appiled upstream patch (Closes: #1128294):
     - cve-2026-24708-make-disk.extend-pass-format-to-qemu-img-2025.1.patch
Checksums-Sha1:
 6c0c965974d021d18f59390fdcd356ca926ea030 32644 nova-api_31.0.0-6+deb13u2_all.deb
 335a799d9d7766b4002dcefe27d5e11367e43c6d 138720 nova-common_31.0.0-6+deb13u2_all.deb
 516ef84d6e700582e020ddb67229d9181960f45e 10808 nova-compute-ironic_31.0.0-6+deb13u2_all.deb
 13453ab5aac972557d1d3ba7c240df9ad5d5fbf9 11032 nova-compute-kvm_31.0.0-6+deb13u2_all.deb
 ba227248238e312428bbf556168b1b3724556164 10872 nova-compute-lxc_31.0.0-6+deb13u2_all.deb
 3644305c2dcce38cca7f9e8067b3d20a1b317a76 10884 nova-compute-qemu_31.0.0-6+deb13u2_all.deb
 0e45153c33ea60f7038193756bb5ce4164161e98 17424 nova-compute_31.0.0-6+deb13u2_all.deb
 63766560c7d2abbf581728b16c67027341cd7c5a 16748 nova-conductor_31.0.0-6+deb13u2_all.deb
 9dba02049a2a4ce101b89b32bd328991dd152f25 22012 nova-consoleproxy_31.0.0-6+deb13u2_all.deb
 51425eb6863e216b2aa876fda7f6528f1d2df608 3214160 nova-doc_31.0.0-6+deb13u2_all.deb
 3fb720e84d38d7185ebade9cd663be36fae89dd8 16780 nova-scheduler_31.0.0-6+deb13u2_all.deb
 128588112eece55b284ab56d7ebad5491d67ac05 25850 nova_31.0.0-6+deb13u2_all-buildd.buildinfo
 3af8be083c17622143ed97a45b92b0eba706c67f 3092876 python3-nova_31.0.0-6+deb13u2_all.deb
Checksums-Sha256:
 b9bcf644b06289badf17f372485fd2a3d7112714a33455deffdee8e227297aed 32644 nova-api_31.0.0-6+deb13u2_all.deb
 41e26da1bd49310366f72231b5d207afc665f3f3aa4eb78c24b9ffcbc305a813 138720 nova-common_31.0.0-6+deb13u2_all.deb
 a1835afab1817a52570063227248d72d3a9107165fdfb0dae18362fffaafa6b0 10808 nova-compute-ironic_31.0.0-6+deb13u2_all.deb
 c8ef5ef0d4a8c3785082ca35b7a3457c87701a1a62ab24dc57480c5b62386b0a 11032 nova-compute-kvm_31.0.0-6+deb13u2_all.deb
 b936d061cff159970a248e7aa9797a40551b2dee8362a6b335cce1fc2f230213 10872 nova-compute-lxc_31.0.0-6+deb13u2_all.deb
 364b1c3764e6317e7f21e009e8b3c69e533178e80340533b300b8ee1213d014c 10884 nova-compute-qemu_31.0.0-6+deb13u2_all.deb
 dcd6e8887ad4cceda2683c651f67f0ac5503510bdb95529d3e52cf57f6d18ada 17424 nova-compute_31.0.0-6+deb13u2_all.deb
 2e1f70e41335cca9ba568d9ee571e49931ef5a508c3947f136defbeb43def6f6 16748 nova-conductor_31.0.0-6+deb13u2_all.deb
 43273603e4ad2cae4fc1297607c3b18d46ef4da73ce87de9565ceb9d5d303e0b 22012 nova-consoleproxy_31.0.0-6+deb13u2_all.deb
 0ac1bb83a0e3dc048b1630dcf47b3a9698f8600abe8d7b8c97737f0c5abb4eb5 3214160 nova-doc_31.0.0-6+deb13u2_all.deb
 cf4ee017412a5d4d590c8ea03ec972c284f26c97f5acada44ea421efc5eb6261 16780 nova-scheduler_31.0.0-6+deb13u2_all.deb
 35908f8a36cb2804b4e1b199ef2ed6311f46cf27378343f9759bac64f5a6493e 25850 nova_31.0.0-6+deb13u2_all-buildd.buildinfo
 62fb3114a8ddb25cc51ae6b9746ad0655b34d1378fe0142daea30d818af85cef 3092876 python3-nova_31.0.0-6+deb13u2_all.deb
Files:
 2776e2ac09288795c85904414aed96a6 32644 net optional nova-api_31.0.0-6+deb13u2_all.deb
 8b25713d14e2d5c32339b9f8159b2406 138720 net optional nova-common_31.0.0-6+deb13u2_all.deb
 938170f087f33090e719abc1b3f0dc6f 10808 net optional nova-compute-ironic_31.0.0-6+deb13u2_all.deb
 69ca19751532d601c6ad8a7fe47e0914 11032 net optional nova-compute-kvm_31.0.0-6+deb13u2_all.deb
 3b65eaf28449b3111507078997b93db4 10872 net optional nova-compute-lxc_31.0.0-6+deb13u2_all.deb
 8da9d49b595171085f0eb21f509cdc21 10884 net optional nova-compute-qemu_31.0.0-6+deb13u2_all.deb
 9b0cc2524e1dcfdd0db87159a84dbd09 17424 net optional nova-compute_31.0.0-6+deb13u2_all.deb
 99947d0e1b06fbdc3fcc2f2ec3b1b8ad 16748 net optional nova-conductor_31.0.0-6+deb13u2_all.deb
 5deab6cabcee148d00d437d51ad5f076 22012 net optional nova-consoleproxy_31.0.0-6+deb13u2_all.deb
 857fc0e26b30fea66f8d7b2eb55dc710 3214160 doc optional nova-doc_31.0.0-6+deb13u2_all.deb
 a815d035d3215adaae23859f62d04427 16780 net optional nova-scheduler_31.0.0-6+deb13u2_all.deb
 993e5a736e2b522e59fd466392410f65 25850 net optional nova_31.0.0-6+deb13u2_all-buildd.buildinfo
 32a4233e67028040e2c27b824b3ed2fb 3092876 python optional python3-nova_31.0.0-6+deb13u2_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEj4Fym5GgeZdPqKhrJm69HxMTN+oFAmmUj9wACgkQJm69HxMT
N+q4RRAAmxLp3sdhOAvWP05oXzNaYWdEYZjickgYQvNYdcGKzhZPe0TDWuWjGF9l
eZ9NI87CRD9W9c4VLq+xCzodHOVToo2/B/g9Nvo1/9uisQXwXGwu4pr0F4islVsN
XJ8G9i0gsXldiQhmdiqkJFIxMCx1tks6A9URjAAKqEn3woVxBtEVKkxjkjURYa5Q
cDSa4HOqwnNYEH3a72HfGAo8M8BEEUJgvA7+n6jb5QkTedfJ+XdnDma+lO49Oi+O
Oy53ul3IC3epMmZ6Nkfa1gGJteS8VoGKemIKzZyZAlS2xnepokKi2Q6SMMI17pcP
iZ7qFjQ/PsaCxSUM5Sgjvu1PQjmu+EGOKm1S4p7lU4kRty9DK6OIv3ScbamQSEYG
Rhv+114SlQ+be8ii2qzJDPhj8dtag7IWpnEgLemhOp7DNu31BOqqITfmxXuSAhsQ
VKTgcD/8h4bA1kaOTWoAltm2ktl+zEw1l75+FZEu+RifqcL7JMLm8g2Jf7RdR+mE
VvctOejc5zeb9PVysPOLeIUtUoShetvLp+gVb6bizgwauTzAEI4dMHdGnVxm7F7C
dIDmZB7Y0Yi2JtFY4hVV0U/YZNMY2FDpsSvOda/knLFPaPvwP707uWPEX2aLoVU7
1nmC7PDHeRBmD2JMCQzKYEHo1CaCohd4cx5VXejoimbegLg3lMA=
=DP8O
-----END PGP SIGNATURE-----