lp:ubuntu/precise-security/glance

Created by Ubuntu Package Importer on 2012-11-08 and last modified on 2013-03-14
Get this branch:
bzr branch lp:ubuntu/precise-security/glance
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

53. By Jamie Strandboge on 2013-03-14

* SECURITY UPDATE: fix information disclosure via Glance v1 API
  - debian/patches/CVE-2013-1840.patch: adjust api/middleware/cache.py to
    not show image_meta['location']
  - CVE-2013-1840
  - LP: #1135541

52. By Jamie Strandboge on 2013-01-28

* SECURITY UPDATE: information disclosure via swift error messages
  - debian/patches/CVE-2013-0212.patch: adjust glance/store/swift.py to
    mot show URLs and credentials in error messages and log output
  - CVE-2013-0212

51. By Jamie Strandboge on 2012-11-08

* SECURITY UPDATE: deletion of arbitrary public and shared images via
  authenticated user
  - debian/patches/CVE-2012-4573.patch: adjust glance/api/v1/images.py to
    ensure image is owned by user before delayed_deletion
  - CVE-2012-4573

50. By Adam Gandelman on 2012-04-12

[ Adam Gandelman ]
* debian/patches/disable_db_table_auto_create.patch: Disable auto-creation
  of database schema at service start, inspect for consistenty and advise
  running manual migrations instead.
* debian/patches/fix_migration_012_foreign_keys.patch: Fix a migration issue
  around missing FKs. Cherry-picked from upstream. Can be dropped with
  first stable update.
* debian/patches/convert_properties_to_uuid.patch: Fixes migration 012 to
  also convert kernel_id and ramdisk_ids to UUID. Cherry picked from upstream.
  Can be dropped with first stable update (LP: #975651)
* debian/glance-common.postinst: Clean up, fix purging issue due to poor
  us of conditionals
* debian/glance-registry.postinst: Ensure new database is version_controlled
  before first call of db_sync.

[ Chuck Short ]
* debian/control: Fix upgrades from oneiric to precise. (LP: #974592)

49. By Chuck Short on 2012-04-05

New upstream release.

48. By Adam Gandelman on 2012-04-03

* New upstream release.
* debian/control: Add sqlite3 as a Build-Depends (for test suite)

47. By Chuck Short on 2012-04-02

* New upstream release.
* debian/rules: Fail build if testsuite fails.
* debian/patches/disable-swift-tests.patch: Disable swift tests that
  require a swift server setup.
* debian/patches/disable-network-for-docs.patch: Disable network for
  building docs.

46. By Chuck Short on 2012-03-21

* New upstream release. This is hopefully the last release before
  final.
* debian/patches/0001-Fix-depreceated-warnings.patch: Dropped.

45. By Adam Gandelman on 2012-03-16

New upstream release.

44. By Paul Belanger on 2012-03-09

* debian/glance-common.postinst
  - Give adm group read permission to /var/log/glance (LP: #950935)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/raring/glance
This branch contains Public information 
Everyone can see this information.

Subscribers