lp:ubuntu/precise-security/nova

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/precise-security/nova

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

88. By Jamie Strandboge

* SECURITY UPDATE: denial of service with network security group policy
  updates
  - debian/patches/CVE-2013-4185.patch: use cached nwinfo for secgroup rules
    (LP: #1184041)
  - CVE-2013-4185

87. By Jamie Strandboge

* SECURITY UPDATE: verify virtual size of QCOW2 images
  - CVE-2013-2096.patch: update nova/virt/libvirt/connection.py to check
    QCOW2 image size during root disk creation
  - CVE-2013-2096

86. By Jamie Strandboge

* SECURITY UPDATE: fix denial of service via fixed IPs when using extensions
  - debian/patches/CVE-2013-1838.patch: add explicit quota for fixed IP
  - CVE-2013-1838
  - LP: #1125468
* SECURITY UPDATE: fix VNC token validation
  - debian/patches/CVE-2013-0335*.patch: force console auth service to flush
    all tokens associated with an instance when it is deleted
  - CVE-2013-0335
  - LP: #1125378

85. By Jamie Strandboge

* SECURITY UPDATE: fix denial of service
  - CVE-2013-1664.patch: Add a new utils.safe_minidom_parse_string function
    and update external API facing Nova modules to use it
  - CVE-2013-1664

84. By Jamie Strandboge

* SECURITY UPDATE: fix lack of authentication on block device used for
  os-volume_boot
  - debian/patches/CVE-2013-0208.patch: adjust nova/compute/api.py to
    validate we can access the volumes
  - CVE-2013-0208

83. By Jamie Strandboge

* SECURITY UPDATE: Prohibit file injection writing to host filesystem
  - debian/patches/CVE-2012-3447.patch: update to perform the file name
    canonicalization as the root user
  - CVE-2012-3447

82. By Steve Beattie

* SECURITY UPDATE: scheduler affinity denial of service
  - debian/patches/CVE-2012-3371.patch: look up instance ids only once
    instead of once for each scheduler hint instance id.

81. By Steve Beattie

* SECURITY UPDATE: arbitrary file injection/corruption
  - debian/patches/CVE-2012-3360+3361.patch: ensure that files cannot
    be injected in arbitrary locations
  - CVE-2012-3360
  - CVE-2012-3361

80. By Steve Beattie

* REGRESSION FIX: security group without protocol set failure (LP: #1010514)
  - debian/patches/CVE-2012-2654-regression.patch: only call .lower()
    when a protocol has been set.

79. By Steve Beattie

* SECURITY UPDATE: set security groups correctly if IP protocol is
  specified in upper/mixed case
  - debian/patches/CVE-2012-2654.patch: ensure protocols are in
    lowercase for the controllers

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/quantal/nova
This branch contains Public information 
Everyone can see this information.
