[ubuntu/trusty-security] swift 1.13.1-0ubuntu1.2 (Accepted)

Seth Arnold seth.arnold at canonical.com
Thu Aug 6 02:06:43 UTC 2015


swift (1.13.1-0ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: metadata constraint bypass via multiple requests
    - debian/patches/CVE-2014-7960.patch: add metadata checks to
      swift/account/server.py, swift/common/constraints.py,
      swift/common/db.py, swift/container/server.py, added tests to
      test/functional/test_account.py, test/functional/test_container.py,
      test/unit/common/test_db.py.
    - CVE-2014-7960
  * SECURITY UPDATE: object deletion via x-versions-location container
    - debian/patches/CVE-2015-1856.patch: prevent unauthorized delete in
      swift/proxy/controllers/obj.py, added tests to
      test/functional/tests.py, test/unit/proxy/test_server.py.
    - CVE-2015-1856

Date: 2015-07-22 15:53:12.469645+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Seth Arnold <seth.arnold at canonical.com>
https://launchpad.net/ubuntu/+source/swift/1.13.1-0ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.


More information about the Trusty-changes mailing list