[Bug 1089488] Re: Meta bug for tracking Openstack Stable Updates
Yolanda Robla
yolanda.robla at canonical.com
Wed Apr 24 16:38:13 UTC 2013
** Description changed:
This is a meta-bug used for tracking progress of new updates to Nova,
Horizon, Keystone.
- nova (2012.1.4+stable-20130402-e52e6912-0ubuntu1) precise-proposed;
+ nova (2012.1.3+stable-20130423-e52e6912-0ubuntu1) precise-proposed;
urgency=low
- [ Chuck Short ]
- * debian/*.logrotate: compress logfiles when they are rotated. (LP:
- #1049915)
-
- [ Yolanda Robla Mota ]
- * Resynchronize with stable/essex (LP: #1089488):
+ * Resynchronize with stable/essex (e52e6912) (LP: #1089488):
- [48e81f1] VNC proxy can be made to connect to wrong VM LP: 1125378
- [3bf5a58] snat rule too broad for some network configurations LP: 1048765
- [efaacda] DOS by allocating all fixed ips LP: 1125468
- [b683ced] Add nosehtmloutput as a test dependency.
- [45274c8] Nova unit tests not running, but still passing for stable/essex
LP: 1132835
- [e02b459] vnc unit-test fixes
- [87361d3] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
- [e98928c] VNC proxy can be made to connect to wrong VM LP: 1125378
- [c0a10db] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
- [243d516] No authentication on block device used for os-volume_boot
LP: 1069904
- [80fefe5] use_single_default_gateway does not function correctly
(LP: #1075859)
- [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
attached (LP: #1079745)
- [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
slow (LP: #1062314)
- [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
fixed_ip (LP: #1017633)
- [20f98c5] failed to allocate fixed ip because old deleted one exists
(LP: #996482)
- [75f6922] snapshot stays in saving state if the vm base image is deleted
(LP: #921774)
- [1076699] lock files may be removed in error dues to permissions issues
(LP: #1051924)
- [40c5e94] ensure_default_security_group() does not call sgh (LP: #1050982)
- [4eebe76] At termination, LXC rootfs is not always unmounted before
rmtree() is called (LP: #1046313)
- [47dabb3] Heavily loaded nova-compute instances don't sent reports
frequently enough (LP: #1045152)
- [b375b4f] When attach volume lost attach when node restart (LP: #1004791)
- [4ac2dcc] nova usage-list returns wrong usage (LP: #1043999)
- [014fcbc] Bridge port's hairpin mode not set after resuming a machine
(LP: #1040537)
- [2f35f8e] Nova flavor ephemeral space size reported incorrectly
(LP: #1026210)
+ * Dropped, superseeded by new snapshot:
+ - debian/patches/CVE-2013-0335.patch: [48e81f1]
+ - debian/patches/CVE-2013-1838.patch: [efaacda]
+ - debian/patches/CVE-2013-1664.patch: [c0a10db]
+ - debian/patches/CVE-2013-0208.patch: [243d516]
- -- Yolanda Robla Mota <yolanda.robla at canonical.com> Fri, 05 Apr 2013
- 09:59:20 +0100
+ -- Yolanda <yolanda.robla at canonical.com> Mon, 22 Apr 2013 12:37:08
+ +0200
- horizon (2012.1.4+stable-20130405-5ce39422-0ubuntu1) precise-proposed;
+ horizon (2012.1.3+stable-20130423-5ce39422-0ubuntu1) precise-proposed;
urgency=low
- * Resynchronize with stable/essex (LP: #1089488):
+ * Resynchronize with stable/essex (LP: #1089488)
- [7e651d7] stable/essex horizon installs unusable version of glance
(LP: #1057125)
- [35eada8] open redirect / phishing attack via "next" parameter
(LP: #1039077)
- [8889311] TypeError when trying to delete an unnamed volume via dashboard
(LP: #1031291)
- [f862d9e] Wrong 'Download CSV Summary' link (LP: #1020555)
- [9b22d68] When adding ICMP rule, the type/code is being validated as
from/to ports (LP: #997669)
- [52bbba1] Added --only-selenium option in run_tests.sh
-
- * Dropped patches, superseeded by snapshot:
+ * Dropped patches, superseeded by new snapshot:
- debian/patches/CVE-2012-3540.patch [35eada8]
- -- Yolanda Robla Mota <yolanda.robla at canonical.com> Fri, 05 Apr 2013
- 10:14:44 +0100
+ -- Yolanda <yolanda.robla at canonical.com> Wed, 24 Apr 2013 15:46:28
+ +0200
- keystone (2012.1.4+stable-20130405-f48dd0fc-0ubuntu1) precise-proposed;
+ keystone (2012.1.3+stable-20130423-f48dd0fc-0ubuntu1) precise-proposed;
urgency=low
- [ Chuck Short ]
- * debian/keystone.logrotate: Compress log file when rotated. (LP: #1049309)
-
- [ Yolanda Robla Mota ]
* Resynchronize with stable/essex (LP: #1089488):
- [7402f5e] EC2 authentication does not ensure user or tenant is enabled
LP: 1121494
- [8945567] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
- [7b5b72f] Add size validations for /tokens.
- [ef1e682] docutils 0.10 incompatible with sphinx 1.1.3 LP: 1091333
- [8735009] Removing user from a tenant isn't invalidating user access to
tenant (LP: #1064914)
- [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
- [ddb4019] Open 2012.1.4 development
- [0e1f05e] memcache driver needs protection against unicode user keys
(LP: #1056373)
- [176ee9b] Token invalidation in case of role grant/revoke should be
limited to affected tenant (LP: #1050025)
- [58ac669] Token validation includes revoked roles (CVE-2012-4413)
(LP: #1041396)
- [cd1e48a] Memcached Token Backend does not support list tokens
(LP: #1046905)
- [5438d3b] Update user's default tenant partially succeeds without authz
(LP: #1040626)
+ * Dropped patches, superseeded by new snapshot:
+ - debian/patches/CVE-2013-0282.patch [7402f5e]
+ - debian/patches/CVE-2013-1664+1665.patch [8945567]
+ - debian/patches/keystone-CVE-2012-5571.patch [8735009]
+ - debian/patches/keystone-CVE-2012-4413.patch [58ac669]
+ - debian/patches/keystone-CVE-2012-3542.patch [5438d3b]
+ * Refreshed patches:
+ - debian/patches/CVE-2013-0247.patch
+ - debian/patches/fix-ubuntu-tests.patch
- * Dropped, superseeded by new snapshot:
- - debian/patches/CVE-2012-4413.patch [58ac669]
- - debian/patches/CVE-2012-5571.patch [8735009]
- - debian/patches/CVE-2012-3542.patch [5438d3b]
+ -- Yolanda <yolanda.robla at canonical.com> Tue, 23 Apr 2013 10:30:16
+ +0200
- -- Yolanda Robla Mota <yolanda.robla at canonical.com> Fri, 05 Apr 2013
- 10:19:08 +0100
-
- glance (2012.1.4+stable-20130405-74b067df-0ubuntu1) precise-proposed;
+ glance (2012.1.3+stable-20130423-74b067df-0ubuntu1) precise-proposed;
urgency=low
- [ Adam Gandelman ]
- * debian/glance-{registry, api}.logrotate: Fix incorrect logfile
- locations. (LP: #1049314)
-
- [ Yolanda Robla Mota ]
- * debian/rules: skipping pep8 tests to allow building
- * Resynchronize with stable/essex (LP: #1089488):
+ * Resynchronize with stable/essex (74b067df) (LP: #1089488):
- [74b067d] v1 api returns location as header for cached images LP: 1135541
- [37d4d96] glance image-download can display backend Swift password
LP: 1098962
- [efd7e75] Non-admin users can cause public glance images to be deleted
from the backend storage repository (LP: #1065187)
- [e6be061] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
+ * Dropped patches, superseeded by snapshot:
+ - debian/patches/CVE-2013-1840.patch [74b067d]
+ - debian/patches/CVE-2013-0212.patch [37d4d96]
+ - debian/patches/CVE-2012-4573.patch [efd7e75]
- * Dropped patches, superseeded by snapshot:
- - debian/patches/CVE-2012-4573.patch: [efd7e75]
-
- -- Yolanda Robla Mota <yolanda.robla at canonical.com> Fri, 05 Apr 2013
- 09:56:36 +0100
+ -- Yolanda <yolanda.robla at canonical.com> Wed, 24 Apr 2013 14:58:09
+ +0200
** Changed in: glance (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1089488
Title:
Meta bug for tracking Openstack Stable Updates
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glance/+bug/1089488/+subscriptions
More information about the Ubuntu-server-bugs
mailing list