Created by Ubuntu Package Importer on 2011-10-25 and last modified on 2013-03-20
Get this branch:
bzr branch lp:ubuntu/oneiric-security/nova

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

57. By Jamie Strandboge on 2013-03-20

* SECURITY UPDATE: fix denial of service via fixed IPs when using extensions
  - debian/patches/CVE-2013-1838.patch: add explicit quota for fixed IP
  - CVE-2013-1838
  - LP: #1125468

56. By Jamie Strandboge on 2013-02-19

* SECURITY UPDATE: fix denial of service
  - CVE-2013-1664.patch: Add a new utils.safe_minidom_parse_string function
    and update external API facing Nova modules to use it
  - CVE-2013-1664

55. By Jamie Strandboge on 2013-01-23

* SECURITY UPDATE: fix lack of authentication on block device used for
  - debian/patches/CVE-2013-0208.patch: adjust nova/compute/api.py to
    validate we can access the volumes
  - CVE-2013-0208

54. By Jamie Strandboge on 2012-08-17

* SECURITY UPDATE: Prohibit file injection writing to host filesystem
  - debian/patches/CVE-2012-3447.patch: update to perform the file name
    canonicalization as the root user
  - CVE-2012-3447

53. By Steve Beattie on 2012-07-02

* SECURITY UPDATE: arbitrary file injection/corruption
  - debian/patches/CVE-2012-3361.patch: ensure that files cannot
    be injected in arbitrary locations
  - CVE-2012-3361

52. By Steve Beattie on 2012-06-11

* REGRESSION FIX: security group without protocol set failure (LP: #1010514)
  - debian/patches/CVE-2012-2654-regression.patch: only call .lower()
    when a protocol has been set.

51. By Steve Beattie on 2012-06-01

* SECURITY UPDATE: set security groups correctly if IP protocol is
  specified in upper/mixed case
  - debian/patches/CVE-2012-2654.patch: ensure protocols are in
    lowercase for the controllers

50. By Jamie Strandboge on 2012-05-03

* SECURITY UPDATE: Place limit on number of security groups a user may
  - debian/patches/CVE-2012-2101.patch: add quotas for security groups and
    security groups rules
  - CVE-2012-2101

49. By Tyler Hicks on 2012-03-29

* SECURITY UPDATE: Denial of service via resource exhaustion in nova-api
  - debian/patches/validate_server_name_length.patch: Limit server names
    to a maximum of 255 characters to prevent nova-api log files from
    exhausting storage space. Based on upstream patch.
  - CVE-2012-1585

48. By Jamie Strandboge on 2012-01-10

* SECURITY UPDATE: fix tenant bypass by authenticated users via OpenStack
  API (LP: #904072)
  - CVE-2012-0030

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)