[ubuntu/precise-security] nova 2012.1.3+stable-20130423-e52e6912-0ubuntu1.4 (Accepted)
Jamie Strandboge
jamie at ubuntu.com
Tue Jun 17 21:19:35 UTC 2014
nova (2012.1.3+stable-20130423-e52e6912-0ubuntu1.4) precise-security; urgency=medium
* SECURITY UPDATE: ssl not enforced when qpid_protocol is set to ssl
- debian/patches/CVE-2013-6491.patch: set the right parameter in
nova/rpc/impl_qpid.py
- LP: #1158807
- CVE-2013-6491
* SECURITY UPDATE: information disclosure via incorrect KVM live block
migration
- debian/patches/CVE-2013-7130.patch: fix root disk leak in
nova/virt/libvirt/connection.py, add upstream test and additional test
(test_create_images_and_backing_full()) to nova/tests/test_libvirt.py
- CVE-2013-7130
* SECURITY UPDATE: denial of service via disk consumption
- debian/patches/CVE-2013-446x.patch: don't boot oversized images in
nova/virt/images.py, and nova/virt/libvirt/connection.py. Update tests
in nova/tests/test_libvirt.py
- CVE-2013-4463
- CVE-2013-4469
Date: 2014-05-14 20:20:11.768334+00:00
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/nova/2012.1.3+stable-20130423-e52e6912-0ubuntu1.4
-------------- next part --------------
Sorry, changesfile not available.
More information about the Precise-changes
mailing list