[ubuntu/quantal-security] cinder 2012.2.4-0ubuntu1.1 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Tue May 6 21:18:03 UTC 2014 

cinder (2012.2.4-0ubuntu1.1) quantal-security; urgency=medium

  * SECURITY UPDATE: ssl not enforced when qpid_protocol is set to ssl
    - debian/patches/CVE-2013-6491.patch: set the right parameter in
      cinder/openstack/common/rpc/impl_qpid.py.
    - CVE-2013-6491

cinder (2012.2.4-0ubuntu1) quantal-proposed; urgency=low

  * Dropped patches, applied upstream:
    - debian/patches/CVE-2013-1664.patch: [fcf249d]
  * Resynchronize with stable/folsom (7916a2f4) (LP: #1179707):
    - [ec46ee0] NetApp: Folsom driver wrongly allows creation of volumes of
      different size from snapshots LP: 1164473
    - [00e8049] Cannot delete snapshot in "error" state LP: 1143661
    - [ce516f6] fanout_cast_to_server in kombu calls wrong method LP: 1074113
    - [cdb72ee] Enable direct testing with nosetests
    - [e63fa95] Netapp: delete_volume leaves qtree behind LP: 1099414
    - [8e702a1] NetApp: Can't delete a volume in error state LP: 1090167
    - [2e7f717] Don't have permission to delete a volume in error state
      LP: 1084273
    - [ad2dddd] Volume can't be deleted if tgt has had a reconnect. LP: 1159948
    - [db0595a] [SRU] There is now a dependency on paramiko v1.8.0
      (LP: #1150720)
    - [a616001] Only use iscsi_helper config option if using ISCSIDriver
    - [cbad3e3] Can not create volume snapshot when using NfsDriver LP: 1097266
    - [95c9f6f] Volume type extra specs update with empty body returns HTTP
      status 422 LP: 1090320
    - [aeece14] ISCSITargetRemoveFailed: Failed to remove iscsi target
      LP: 1101071
    - [fcf249d] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
  * debian/patches/remove_paramiko_req_vers.patch: Remove version bump on
    paramiko requirement that was backported to stable/folsom.

cinder (2012.2.3-0ubuntu2) quantal-proposed; urgency=low

  * Re-sync with latest security updates.
  * SECURITY UPDATE: fix denial of service
    - CVE-2013-1664.patch: Add a new utils.safe_minidom_parse_string function
      and update external API facing Cinder modules to use it
    - CVE-2013-1664

cinder (2012.2.3-0ubuntu1) quantal-proposed; urgency=low

  * Resynchronize with stable/folsom (a8caa79f) (LP: #1116671):
    - [cdf6c13] Root wrap tools used by NFS volume driver LP: 1087282

Date: 2014-03-19 19:42:12.138742+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Maintainer: Chuck Short <chuck.short at canonical.com>
Signed-By: Jamie Strandboge <jamie at ubuntu.com>
https://launchpad.net/ubuntu/quantal/+source/cinder/2012.2.4-0ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Quantal-changes mailing list