[ubuntu/quantal-security] glance 2012.2.4-0ubuntu1.1 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Wed Oct 23 19:23:35 UTC 2013 

glance (2012.2.4-0ubuntu1.1) quantal-security; urgency=low

  * SECURITY UPDATE: enforce 'download_image' policy in cache middleware
    - debian/patches/CVE-2013-4428.patch: fix confusing behavior when using
      download_image. Ie, return 403 rather than empty content (LP: #1235378)
    - CVE-2013-4428

glance (2012.2.4-0ubuntu1) quantal-proposed; urgency=low

  [ Adam Gandelman ]
  * Dropped patches, applied upstream:
    - debian/patches/CVE-2013-1840.patch: [dd849a9]
  * Resynchronize with stable/folsom (dbd3d3d7) (LP: #1179707):
    - [cfaa2d8] repeated deletion on image member does not result in 404
      LP: 1157427
    - [5b4d21d] glance-cache-prefetcher explodes when no auth parameters were
      configured LP: 1157765
    - [dd849a9] v1 api returns location as header for cached images LP: 1135541
    - [04f88c8] 500 error returned when an Admin tries to delete membership of
      image from a non-existent /invalid tenant LP: 1060868
    - [5597697] Fragile Test:
      glance.tests.functional.test_bin_glance:TestBinGlance.test_update_copying_from
      LP: 1107768
    - [5183360] filesystem store does not clean up after premature termination
      of image upload LP: 1104924
    - [03dc862] mismatched image size or checksum leaves behind dangling image
      data LP: 1122299
    - [12d28c3] UserWarning on deprecation of legacy glance client inappropriate
      for internal usage LP: 1129445
    - [afe6166] 'glance-cache-manage list-cached' does not show 'last accessed'
      and 'last modified' fields in human-readable format' LP: 1102334
    - [ee13560] Fix broken JSON schemas in v2 tests

  [ Chuck Short ]
  * debian/patches/disable-swift-tests.patch: Refreshed.

glance (2012.2.3-0ubuntu2) quantal-proposed; urgency=low

  * Resync with latest security update.
  * SECURITY UPDATE: fix information disclosure via Glance v1 API
    - debian/patches/CVE-2013-1840.patch: adjust api/middleware/cache.py to
      not show image_meta['location']
    - CVE-2013-1840

glance (2012.2.3-0ubuntu1) quantal-proposed; urgency=low

  * Dropped patches, applied upstream:
    - debian/patches/CVE-2013-0212.patch: [96a470b]
  * Resynchronize with stable/folsom (98d9928a) (LP: #1116671):
    - [96a470b] glance image-download can display backend Swift password
    - [4c96080] install throws errors about SADeprecationWarning LP: 925609
    - [bca6e26] wsgi.Middleware forward-compatibility with webob 1.2b1 or later
    - [5e5e722] Supplied image size should be verified against actual size
      LP: 1092584
    - [514b4b4] silent failure when loading the paste deploy app LP: 1091294

Date: 2013-10-22 19:47:16.654826+00:00
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: OpenStack Ubuntu packagers <openstack-packaging at lists.ubuntu.com>
https://launchpad.net/ubuntu/quantal/+source/glance/2012.2.4-0ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Quantal-changes mailing list