[ubuntu/trusty-security] swift 1.13.1-0ubuntu1.5 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Oct 11 11:56:40 UTC 2017
swift (1.13.1-0ubuntu1.5) trusty-security; urgency=medium
[ Jamie Strandboge ]
* SECURITY UPDATE: disallow unsafe tempurl operations to point to
unauthorized data
- debian/patches/CVE-2015-5223.patch: disallow creation of DLO object
manifests if non-safe tempurl request includes X-Object-Manifest header
- CVE-2015-5223
- LP: #1453948
[ Marc Deslauriers ]
* SECURITY UPDATE: DoS via incorrectly closed client connections
- debian/patches/CVE-2016-0737.patch: get better at closing WSGI
iterables in swift/common/middleware/dlo.py,
swift/common/middleware/slo.py, swift/common/request_helpers.py,
swift/common/swob.py, swift/common/utils.py,
test/unit/common/middleware/helpers.py,
test/unit/common/middleware/test_dlo.py,
test/unit/common/middleware/test_slo.py.
- CVE-2016-0737
* SECURITY UPDATE: DoS via incorrectly closed server connections
- debian/patches/CVE-2016-0738.patch: fix memory/socket leak in proxy
on truncated SLO/DLO GET in swift/common/request_helpers.py,
test/unit/common/middleware/test_slo.py.
- CVE-2016-0738
* Thanks to Red Hat for the patch backports!
* debian/patches/fix-ubuntu-tests.patch: disable another test that no
longer works on buildds.
swift (1.13.1-0ubuntu1.3) trusty; urgency=medium
* Fix issue where swift daemons crash while writing logs to a stopped
rsyslogd /dev/log socket. (LP: #1683076)
- d/patches/fix-infinite-recursion-logging.patch: Cherry-picked from
upstream stable/newton branch to avoid infinite loops when logging
while rsyslogd is stopped.
Date: 2017-09-12 14:49:13.640264+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/swift/1.13.1-0ubuntu1.5
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list