[ubuntu/trusty-updates] swift 1.13.1-0ubuntu1.5 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Oct 11 13:28:23 UTC 2017

swift (1.13.1-0ubuntu1.5) trusty-security; urgency=medium

  [ Jamie Strandboge ]
  * SECURITY UPDATE: disallow unsafe tempurl operations to point to
    unauthorized data
    - debian/patches/CVE-2015-5223.patch: disallow creation of DLO object
      manifests if non-safe tempurl request includes X-Object-Manifest header
    - CVE-2015-5223
    - LP: #1453948

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DoS via incorrectly closed client connections
    - debian/patches/CVE-2016-0737.patch: get better at closing WSGI
      iterables in swift/common/middleware/dlo.py,
      swift/common/middleware/slo.py, swift/common/request_helpers.py,
      swift/common/swob.py, swift/common/utils.py,
    - CVE-2016-0737
  * SECURITY UPDATE: DoS via incorrectly closed server connections
    - debian/patches/CVE-2016-0738.patch: fix memory/socket leak in proxy
      on truncated SLO/DLO GET in swift/common/request_helpers.py,
    - CVE-2016-0738
  * Thanks to Red Hat for the patch backports!
  * debian/patches/fix-ubuntu-tests.patch: disable another test that no
    longer works on buildds.

Date: 2017-09-12 14:49:13.640264+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list