[ubuntu/trusty-security] glance 1:2014.1.5-0ubuntu1.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Wed Oct 11 11:15:47 UTC 2017

glance (1:2014.1.5-0ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: access restrictions bypass via status changing
    - debian/patches/CVE-2015-5251.patch: prevent image status being
      directly modified in glance/api/v1/__init__.py,
      glance/api/v1/images.py, glance/tests/functional/v1/test_api.py,
    - CVE-2015-5251
  * SECURITY UPDATE: storage quota bypass
    - debian/patches/CVE-2015-5286.patch: cleanup chunks for deleted image
      if token expired in glance/api/v1/upload_utils.py,
    - CVE-2015-5286
  * SECURITY UPDATE: image status manipulation through locations removal
    - debian/patches/CVE-2016-0757.patch: prevent user from removing last
      location of the image in glance/api/v2/images.py,
    - CVE-2016-0757

glance (1:2014.1.5-0ubuntu1) trusty; urgency=medium

  * Resynchronize with stable/icehouse (f66170d) (LP: #1467533):
    - [f66170d] Fix Icehouse RBD delete image on creation failure
  * d/p/fix-requirements.patch: Rebased

glance (1:2014.1.4-0ubuntu2) trusty; urgency=medium

  * d/control: Set minimum python-six dependency to 1.5.2 (LP: #1403114).

glance (1:2014.1.4-0ubuntu1) trusty; urgency=medium

  * Resynchronize with stable/icehouse (81ea399) (LP: #1432608):
    - [f1260cc] Cleanup chunks for deleted image that was 'saving'
    - [7d3a1db] Prevent file, swift+config and filesystem schemes
    - [8bdb7ed] To prevent client use v2 patch api to handle file and swift location
    - [4b5cb74] Can not delete images if db deadlock occurs
    - [ef77c79] Move oslo.vmware higher in requirements.txt
    - [312e93e] Make rbd store's pool handling more universal
    - [81ea399] Do not log password in swift URLs in g-registry
  * d/p/fix-requirements.patch: Rebased

glance (1:2014.1.3-0ubuntu1) trusty; urgency=medium

  [ Corey Bryant ]
  * Resynchronize with stable/icehouse (01ebe84) (LP: #1377136):
    - [f43b1c2] Block sqlalchemy-migrate 0.9.2
    - [d0453ae] Check on schemes not stores
    - [bba31d0] Fix collection order issues and unit test failures
    - [31a4d18] Enforce image_size_cap on v2 upload
    - [fcc9379] Fix image killed after deletion
    - [01ebe84] Set python hash seed to 0 in tox.ini

Date: 2017-08-25 20:07:13.198463+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Maintainer: OpenStack Ubuntu packagers <openstack-packaging at lists.ubuntu.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list