Merge lp:~james-page/glance/folsom-resync into lp:~openstack-ubuntu-testing/glance/folsom

Proposed by James Page
Status: Merged
Approved by: Chuck Short
Approved revision: 222
Merged at revision: 221
Proposed branch: lp:~james-page/glance/folsom-resync
Merge into: lp:~openstack-ubuntu-testing/glance/folsom
Diff against target: 72 lines (+42/-0)
3 files modified
debian/changelog (+19/-0)
debian/patches/CVE-2013-1840.patch (+22/-0)
debian/patches/series (+1/-0)
To merge this branch: bzr merge lp:~james-page/glance/folsom-resync
Reviewers:
Openstack Ubuntu Testers (Status: Pending)
Review via email: mp+154953@code.launchpad.net

Description of the change

Resync of pending SRU with security updates


Preview Diff

1=== modified file 'debian/changelog'
2--- debian/changelog 2013-03-21 15:36:24 +0000
3+++ debian/changelog 2013-03-22 13:39:40 +0000
4@@ -4,6 +4,16 @@
5
6 -- Chuck Short <zulcss@ubuntu.com> Thu, 21 Mar 2013 10:18:54 -0500
7
8+glance (2012.2.3-0ubuntu2) quantal-proposed; urgency=low
9+
10+ * Resync with latest security update.
11+ * SECURITY UPDATE: fix information disclosure via Glance v1 API
12+ - debian/patches/CVE-2013-1840.patch: adjust api/middleware/cache.py to
13+ not show image_meta['location']
14+ - CVE-2013-1840
15+
16+ -- James Page <james.page@ubuntu.com> Fri, 22 Mar 2013 11:48:52 +0000
17+
18 glance (2012.2.3-0ubuntu1) quantal-proposed; urgency=low
19
20 * Dropped patches, applied upstream:
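Review bot: the new 2012.2.3-0ubuntu2 entry uploads to quantal-proposed but carries no bug reference, so the changelog alone does not tie this upload to the pending SRU named in the merge description. If a tracking bug exists, close it from this entry. The first bullet, "Resync with latest security update.", would also read better if it named the version being resynced with (the 2012.2.1-0ubuntu1.2 entry added further down), since the bullets below it repeat that entry's text word for word.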
21@@ -18,6 +28,15 @@
22
23 -- Adam Gandelman <adamg@ubuntu.com> Tue, 05 Feb 2013 14:02:33 -0400
24
25+glance (2012.2.1-0ubuntu1.2) quantal-security; urgency=low
26+
27+ * SECURITY UPDATE: fix information disclosure via Glance v1 API
28+ - debian/patches/CVE-2013-1840.patch: adjust api/middleware/cache.py to
29+ not show image_meta['location']
30+ - CVE-2013-1840
31+
32+ -- Jamie Strandboge <jamie@ubuntu.com> Wed, 13 Mar 2013 15:39:08 -0500
33+
34 glance (2012.2.1-0ubuntu1.1) quantal-security; urgency=low
35
36 * SECURITY UPDATE: information disclosure via swift error messages
37
38=== added file 'debian/patches/CVE-2013-1840.patch'
39--- debian/patches/CVE-2013-1840.patch 1970-01-01 00:00:00 +0000
40+++ debian/patches/CVE-2013-1840.patch 2013-03-22 13:39:40 +0000
41@@ -0,0 +1,22 @@
42+commit 13eecc3e19e9528d52e71f57bd15b2cf6e0c1af2
43+Author: Stuart McLaren <stuart.mclaren@hp.com>
44+Date: Thu Mar 7 17:11:35 2013 +0000
45+
46+ folsom patch
47+
48+ Change-Id: Ib0dbef4ce5d1aa5303f63d0aca635eee49e40284
49+
50+diff --git a/glance/api/middleware/cache.py b/glance/api/middleware/cache.py
51+index 8e24ef0..dcd59b6 100644
52+--- a/glance/api/middleware/cache.py
53++++ b/glance/api/middleware/cache.py
54+@@ -111,6 +111,9 @@ class CacheFilter(wsgi.Middleware):
55+
56+ def _process_v1_request(self, request, image_id, image_iterator):
57+ image_meta = registry.get_image_metadata(request.context, image_id)
58++ # Don't display location
59++ if 'location' in image_meta:
60++ del image_meta['location']
61+
62+ if not image_meta['size']:
63+ # override image size metadata with the actual cached
64
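Review bot: the header of the new debian/patches/CVE-2013-1840.patch describes the change only as "folsom patch", so the patch file does not itself record what it fixes or where it came from. Add a short description that names CVE-2013-1840 and the information disclosure via the v1 API, as the changelog entries do. In the code, the comment "# Don't display location" says what is done but not why. A line noting that the field must not be returned to the caller would help whoever next edits _process_v1_request. The if/del pair can be written as image_meta.pop('location', None). The hunk adds no test, so a regression test asserting that 'location' is absent from the metadata used for a cached v1 response would guard against the field being reintroduced.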
65=== modified file 'debian/patches/series'
66--- debian/patches/series 2012-08-23 11:56:07 +0000
67+++ debian/patches/series 2013-03-22 13:39:40 +0000
68@@ -1,3 +1,4 @@
69 sql_conn.patch
70 disable-swift-tests.patch
71 disable-network-for-docs.patch
72+CVE-2013-1840.patch
