[ubuntu/trusty-updates] glance 1:2014.1.5-0ubuntu1.1 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Oct 11 11:58:14 UTC 2017
glance (1:2014.1.5-0ubuntu1.1) trusty-security; urgency=medium
* SECURITY UPDATE: access restrictions bypass via status changing
- debian/patches/CVE-2015-5251.patch: prevent image status being
directly modified in glance/api/v1/__init__.py,
glance/api/v1/images.py, glance/tests/functional/v1/test_api.py,
glance/tests/integration/legacy_functional/test_v1_api.py,
test-requirements.txt.
- CVE-2015-5251
* SECURITY UPDATE: storage quota bypass
- debian/patches/CVE-2015-5286.patch: cleanup chunks for deleted image
if token expired in glance/api/v1/upload_utils.py,
glance/api/v2/image_data.py.
- CVE-2015-5286
* SECURITY UPDATE: image status manipulation through locations removal
- debian/patches/CVE-2016-0757.patch: prevent user from removing last
location of the image in glance/api/v2/images.py,
glance/tests/functional/v2/test_images.py,
glance/tests/unit/v2/test_images_resource.py.
- CVE-2016-0757
Date: 2017-08-25 20:07:13.198463+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Maintainer: OpenStack Ubuntu packagers <openstack-packaging at lists.ubuntu.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/glance/1:2014.1.5-0ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list