[Bug 1089488] Re: [SRU] Meta bug for tracking Nova stable-essex updates
Yolanda Robla
yolanda.robla at canonical.com
Wed Dec 12 17:15:21 UTC 2012
** Also affects: horizon
Importance: Undecided
Status: New
** Changed in: horizon
Status: New => Confirmed
** Summary changed:
- [SRU] Meta bug for tracking Nova stable-essex updates
+ Meta bug for tracking Openstack Stable Updates
** No longer affects: horizon
** Also affects: horizon (Ubuntu)
Importance: Undecided
Status: New
** Changed in: horizon (Ubuntu)
Status: New => Confirmed
** Description changed:
- This is a meta-bug used for tracking progress of new updates to Essex to
- Nova project.
+ This is a meta-bug used for tracking progress of new updates to Nova,
+ Horizon, Keystone, and Glance.
nova (2012.1.4+stable-20121212-bd102419-0ubuntu1) precise-proposed;
urgency=low
+ [ Yolanda Robla ]
+ * Dropped patches, applied upstream:
+ - debian/patches/CVE-2012-3447.patch: update to perform the file name
+ canonicalization as the root user
+ - debian/patches/CVE-2012-3371.patch: lookup instance ids only once
+ instead of once for each scheduler hint instance id.
+ - debian/patches/CVE-2012-3360+3361.patch: ensure that files cannot
+ be injected in arbitrary locations
+
+ * Resynchronize with stable/essex (bd102419):
+ - [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
+ attached
+ - [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
+ slow
+ - [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
+ fixed_ip
+ - [20f98c5] failed to allocate fixed ip because old deleted one exists
+ - [75f6922] snapshot stays in saving state if the vm base image is deleted
+ - [1076699] lock files may be removed in error dues to permissions issues
+ - [40c5e94] ensure_default_security_group() does not call sgh
+ - [4eebe76] At termination, LXC rootfs is not always unmounted before
+ rmtree() is called
+ - [47dabb3] Heavily loaded nova-compute instances don't sent reports
+ frequently enough
+ - [b375b4f] When attach volume lost attach when node restart
+ - [4ac2dcc] nova usage-list returns wrong usage
+ - [014fcbc] Bridge port's hairpin mode not set after resuming a machine
+ - [2f35f8e] Nova flavor ephemeral space size reported incorrectly
+
+ -- Yolanda Robla <yolanda.robla at canonical.com> Wed, 12 Dec 2012
+ 10:26:00 +0100
+
+ horizon (2012.1.4+stable-20121212-5ce39422-0ubuntu1) precise-proposed;
+ urgency=low
+
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- - debian/patches/CVE-2012-3447.patch: update to perform the file name
- canonicalization as the root user
- - debian/patches/CVE-2012-3371.patch: lookup instance ids only once
- instead of once for each scheduler hint instance id.
- - debian/patches/CVE-2012-3360+3361.patch: ensure that files cannot
- be injected in arbitrary locations
+ - debian/patches/CVE-2012-3540.patch: disallow redirects to anywhere
+ other than the same origin
- * Resynchronize with stable/essex (bd102419):
- - [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
- attached
- - [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
- slow
- - [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
- fixed_ip
- - [20f98c5] failed to allocate fixed ip because old deleted one exists
- - [75f6922] snapshot stays in saving state if the vm base image is deleted
- - [1076699] lock files may be removed in error dues to permissions issues
- - [40c5e94] ensure_default_security_group() does not call sgh
- - [4eebe76] At termination, LXC rootfs is not always unmounted before
- rmtree() is called
- - [47dabb3] Heavily loaded nova-compute instances don't sent reports
- frequently enough
- - [b375b4f] When attach volume lost attach when node restart
- - [4ac2dcc] nova usage-list returns wrong usage
- - [014fcbc] Bridge port's hairpin mode not set after resuming a machine
- - [2f35f8e] Nova flavor ephemeral space size reported incorrectly
+ * Resynchronize with stable/essex (5ce39422) LP: #1089466:
+ - [7e651d7] stable/essex horizon installs unusable version of glance
+ - [35eada8] open redirect / phishing attack via "next" parameter
+ - [8889311] TypeError when trying to delete an unnamed volume via dashboard
+ - [f862d9e] Wrong 'Download CSV Summary' link
-- Yolanda Robla <yolanda.robla at canonical.com> Wed, 12 Dec 2012
- 10:26:00 +0100
+ 14:25:33 +0100
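Review bot: the nova entry's "* Resynchronize with stable/essex (bd102419):" line carries no LP: reference, while the horizon entry in the same description has "LP: #1089466" on its resynchronize line. If the nova upload is meant to be tracked through Launchpad as well, add the bug number to that line so the changelog links back to it.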
** Also affects: glance (Ubuntu)
Importance: Undecided
Status: New
** Changed in: glance (Ubuntu)
Status: New => Confirmed
** Description changed:
This is a meta-bug used for tracking progress of new updates to Nova,
Horizon, Keystone, and Glance.
nova (2012.1.4+stable-20121212-bd102419-0ubuntu1) precise-proposed;
urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-3447.patch: update to perform the file name
canonicalization as the root user
- debian/patches/CVE-2012-3371.patch: lookup instance ids only once
instead of once for each scheduler hint instance id.
- debian/patches/CVE-2012-3360+3361.patch: ensure that files cannot
be injected in arbitrary locations
* Resynchronize with stable/essex (bd102419):
- [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
attached
- [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
slow
- [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
fixed_ip
- [20f98c5] failed to allocate fixed ip because old deleted one exists
- [75f6922] snapshot stays in saving state if the vm base image is deleted
- [1076699] lock files may be removed in error dues to permissions issues
- [40c5e94] ensure_default_security_group() does not call sgh
- [4eebe76] At termination, LXC rootfs is not always unmounted before
rmtree() is called
- [47dabb3] Heavily loaded nova-compute instances don't sent reports
frequently enough
- [b375b4f] When attach volume lost attach when node restart
- [4ac2dcc] nova usage-list returns wrong usage
- [014fcbc] Bridge port's hairpin mode not set after resuming a machine
- [2f35f8e] Nova flavor ephemeral space size reported incorrectly
-- Yolanda Robla <yolanda.robla at canonical.com> Wed, 12 Dec 2012
10:26:00 +0100
horizon (2012.1.4+stable-20121212-5ce39422-0ubuntu1) precise-proposed;
urgency=low
+ [ Yolanda Robla ]
+ * Dropped patches, applied upstream:
+ - debian/patches/CVE-2012-3540.patch: disallow redirects to anywhere
+ other than the same origin
+
+ * Resynchronize with stable/essex (5ce39422) LP: #1089466:
+ - [7e651d7] stable/essex horizon installs unusable version of glance
+ - [35eada8] open redirect / phishing attack via "next" parameter
+ - [8889311] TypeError when trying to delete an unnamed volume via dashboard
+ - [f862d9e] Wrong 'Download CSV Summary' link
+
+ -- Yolanda Robla <yolanda.robla at canonical.com> Wed, 12 Dec 2012
+ 14:25:33 +0100
+
+ glance (2012.1.3+stable-20121211-efd7e75b-0ubuntu1) precise-proposed;
+ urgency=low
+
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- - debian/patches/CVE-2012-3540.patch: disallow redirects to anywhere
- other than the same origin
+ - debian/patches/CVE-2012-4573.patch: adjust glance/api/v1/images.py to
+ ensure image is owned by user before delayed_deletion
- * Resynchronize with stable/essex (5ce39422) LP: #1089466:
- - [7e651d7] stable/essex horizon installs unusable version of glance
- - [35eada8] open redirect / phishing attack via "next" parameter
- - [8889311] TypeError when trying to delete an unnamed volume via dashboard
- - [f862d9e] Wrong 'Download CSV Summary' link
+ * Resynchronize with stable/essex (efd7e75b):
+ - [efd7e75] Non-admin users can cause public glance images to be deleted
+ from the backend storage repository
+ - [e6be061] Jenkins jobs fail because of incompatibility between sqlalchemy-
+ migrate and the newest sqlalchemy-0.8.0b1
- -- Yolanda Robla <yolanda.robla at canonical.com> Wed, 12 Dec 2012
- 14:25:33 +0100
+ * debian/rules: skipping pep8 tests to allow building
+
+ -- Yolanda Robla <yolanda.robla at canonical.com> Tue, 11 Dec 2012
+ 20:31:00 +0100
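Review bot: "* debian/rules: skipping pep8 tests to allow building" in the glance entry does not say why the pep8 run breaks the build or whether the skip is meant to be temporary. State the cause in the changelog line so a later upload knows when the tests can be re-enabled. The glance resynchronize line also lacks the LP: reference that the horizon entry carries.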
** Also affects: keystone (Ubuntu)
Importance: Undecided
Status: New
** Changed in: keystone (Ubuntu)
Status: New => Confirmed
** Description changed:
This is a meta-bug used for tracking progress of new updates to Nova,
Horizon, Keystone, and Glance.
nova (2012.1.4+stable-20121212-bd102419-0ubuntu1) precise-proposed;
urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-3447.patch: update to perform the file name
canonicalization as the root user
- debian/patches/CVE-2012-3371.patch: lookup instance ids only once
instead of once for each scheduler hint instance id.
- debian/patches/CVE-2012-3360+3361.patch: ensure that files cannot
be injected in arbitrary locations
* Resynchronize with stable/essex (bd102419):
- [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
attached
- [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
slow
- [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
fixed_ip
- [20f98c5] failed to allocate fixed ip because old deleted one exists
- [75f6922] snapshot stays in saving state if the vm base image is deleted
- [1076699] lock files may be removed in error dues to permissions issues
- [40c5e94] ensure_default_security_group() does not call sgh
- [4eebe76] At termination, LXC rootfs is not always unmounted before
rmtree() is called
- [47dabb3] Heavily loaded nova-compute instances don't sent reports
frequently enough
- [b375b4f] When attach volume lost attach when node restart
- [4ac2dcc] nova usage-list returns wrong usage
- [014fcbc] Bridge port's hairpin mode not set after resuming a machine
- [2f35f8e] Nova flavor ephemeral space size reported incorrectly
-- Yolanda Robla <yolanda.robla at canonical.com> Wed, 12 Dec 2012
10:26:00 +0100
horizon (2012.1.4+stable-20121212-5ce39422-0ubuntu1) precise-proposed;
urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-3540.patch: disallow redirects to anywhere
other than the same origin
* Resynchronize with stable/essex (5ce39422) LP: #1089466:
- [7e651d7] stable/essex horizon installs unusable version of glance
- [35eada8] open redirect / phishing attack via "next" parameter
- [8889311] TypeError when trying to delete an unnamed volume via dashboard
- [f862d9e] Wrong 'Download CSV Summary' link
-- Yolanda Robla <yolanda.robla at canonical.com> Wed, 12 Dec 2012
14:25:33 +0100
glance (2012.1.3+stable-20121211-efd7e75b-0ubuntu1) precise-proposed;
urgency=low
+ [ Yolanda Robla ]
+ * Dropped patches, applied upstream:
+ - debian/patches/CVE-2012-4573.patch: adjust glance/api/v1/images.py to
+ ensure image is owned by user before delayed_deletion
+
+ * Resynchronize with stable/essex (efd7e75b):
+ - [efd7e75] Non-admin users can cause public glance images to be deleted
+ from the backend storage repository
+ - [e6be061] Jenkins jobs fail because of incompatibility between sqlalchemy-
+ migrate and the newest sqlalchemy-0.8.0b1
+
+ * debian/rules: skipping pep8 tests to allow building
+
+ -- Yolanda Robla <yolanda.robla at canonical.com> Tue, 11 Dec 2012
+ 20:31:00 +0100
+
+
+ keystone (2012.1+stable-20121211-c17a9992-0ubuntu1) precise-proposed; urgency=low
+
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- - debian/patches/CVE-2012-4573.patch: adjust glance/api/v1/images.py to
- ensure image is owned by user before delayed_deletion
+ - debian/patches/CVE-2012-5571.patch: adjust contrib/ec2/core.py to verify
+ that the user is in at least one valid role for the tenant
+ - debian/patches/keystone-CVE-2012-4413.patch: invalidate all user
+ tokens upon role grant/revoke
+ - debian/patches/keystone-CVE-2012-3542: require authz to update a
+ user's tenant.
+ * Resynchronize with stable/essex (c17a9992) LP: #1089488:
+ - [8735009] Removing user from a tenant isn't invalidating user access to
+ tenant
+ - [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy-
+ migrate and the newest sqlalchemy-0.8.0b1
+ - [ddb4019] Open 2012.1.4 development
+ - [0e1f05e] memcache driver needs protection against unicode user keys
+ - [176ee9b] Token invalidation in case of role grant/revoke should be
+ limited to affected tenant
+ - [58ac669] Token validation includes revoked roles (CVE-2012-4413)
+ - [cd1e48a] Memcached Token Backend does not support list tokens
+ - [5438d3b] Update user's default tenant partially succeeds without authz
- * Resynchronize with stable/essex (efd7e75b):
- - [efd7e75] Non-admin users can cause public glance images to be deleted
- from the backend storage repository
- - [e6be061] Jenkins jobs fail because of incompatibility between sqlalchemy-
- migrate and the newest sqlalchemy-0.8.0b1
-
- * debian/rules: skipping pep8 tests to allow building
-
- -- Yolanda Robla <yolanda.robla at canonical.com> Tue, 11 Dec 2012
- 20:31:00 +0100
+ -- Yolanda <yolanda.robla at canonical.com> Tue, 11 Dec 2012 12:22:03
+ +0100
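Review bot: in the keystone entry, "debian/patches/keystone-CVE-2012-3542: require authz to update a" is missing the ".patch" suffix that every other dropped patch in this description has, so it is unclear whether the file name really differs. The trailer also reads "-- Yolanda <yolanda.robla at canonical.com>" where the nova, horizon and glance entries use "Yolanda Robla", and there is no blank line between the dropped-patches list and "* Resynchronize with stable/essex (c17a9992)"; align all three with the other entries.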
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1089488
Title:
Meta bug for tracking Openstack Stable Updates