Ubuntu
nova package

lp:ubuntu/oneiric-updates/nova

Oneiric (11.10)
oneiric-updates

Created by Ubuntu Package Importer on 2011-10-26 and last modified on 2013-03-20

Get this branch:: bzr branch lp:ubuntu/oneiric-updates/nova

Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

No branches dependent on this one.

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Ubuntu branches

Review team:: Ubuntu Development Team

Status:: Mature

Recent revisions

57. By Jamie Strandboge on 2013-03-20: * SECURITY UPDATE: fix denial of service via fixed IPs when using extensions
  - debian/patches/CVE-2013-1838.patch: add explicit quota for fixed IP
  - CVE-2013-1838
  - LP: #1125468
56. By Jamie Strandboge on 2013-02-19: * SECURITY UPDATE: fix denial of service
  - CVE-2013-1664.patch: Add a new utils.safe_minidom_parse_string function
    and update external API facing Nova modules to use it
  - CVE-2013-1664
55. By Jamie Strandboge on 2013-01-23: * SECURITY UPDATE: fix lack of authentication on block device used for
  os-volume_boot
  - debian/patches/CVE-2013-0208.patch: adjust nova/compute/api.py to
    validate we can access the volumes
  - CVE-2013-0208
54. By Jamie Strandboge on 2012-08-17: * SECURITY UPDATE: Prohibit file injection writing to host filesystem
  - debian/patches/CVE-2012-3447.patch: update to perform the file name
    canonicalization as the root user
  - CVE-2012-3447
53. By Steve Beattie on 2012-07-02: * SECURITY UPDATE: arbitrary file injection/corruption
  - debian/patches/CVE-2012-3361.patch: ensure that files cannot
    be injected in arbitrary locations
  - CVE-2012-3361
52. By Steve Beattie on 2012-06-11: * REGRESSION FIX: security group without protocol set failure (LP: #1010514)
- debian/patches/CVE-2012-2654-regression.patch: only call .lower()
when a protocol has been set.
51. By Steve Beattie on 2012-06-01: * SECURITY UPDATE: set security groups correctly if IP protocol is
  specified in upper/mixed case
  - debian/patches/CVE-2012-2654.patch: ensure protocols are in
    lowercase for the controllers
50. By Jamie Strandboge on 2012-05-03: * SECURITY UPDATE: Place limit on number of security groups a user may
  create
  - debian/patches/CVE-2012-2101.patch: add quotas for security groups and
    security groups rules
  - CVE-2012-2101
49. By Tyler Hicks on 2012-03-29: * SECURITY UPDATE: Denial of service via resource exhaustion in nova-api
  - debian/patches/validate_server_name_length.patch: Limit server names
    to a maximum of 255 characters to prevent nova-api log files from
    exhausting storage space. Based on upstream patch.
  - CVE-2012-1585
48. By Jamie Strandboge on 2012-01-10: * SECURITY UPDATE: fix tenant bypass by authenticated users via OpenStack
API (LP: #904072)
- CVE-2012-0030

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

Stacked on:: lp:ubuntu/precise/nova

This branch contains Public information

Everyone can see this information.

Subscribers

Ubuntu branches

Ubuntunova package