Ubuntu
swift package

lp:ubuntu/precise-security/swift

Precise (12.04)
precise-security

Created by Ubuntu Package Importer on 2013-06-20 and last modified on 2015-07-27

Get this branch:: bzr branch lp:ubuntu/precise-security/swift

Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

No branches dependent on this one.

Related bugs

Bug #1183884: [OSSA 2013-016] Unescaped content embedded in XML (CVE-2013-2161)	Undecided	Fix Committed
Bug #1196932: [OSSA 2013-022] Possibly DoS attack using object tombstones (CVE-2013-4155)	Undecided	Fix Committed

Link a bug report

Related blueprints

Branch information

Owner:: Ubuntu branches

Review team:: Ubuntu Development Team

Status:: Mature

Recent revisions

41. By Jamie Strandboge on 2015-07-27

[ Marc Deslauriers ]
* SECURITY UPDATE: metadata constraint bypass via multiple requests
  - debian/patches/CVE-2014-7960.patch: add metadata checks to
    swift/account/server.py, swift/common/constraints.py,
    swift/common/db.py, swift/container/server.py, added tests to
    test/unit/common/test_db.py,
    test/functionalnosetests/test_account.py,
    test/functionalnosetests/test_container.py.
  - CVE-2014-7960

[ Jamie Strandboge ]
* debian/patches/CVE-2014-7960.patch:
  - adjust unittests since we use webob.exc and not the newer swob
  - adjust functional tests to properly skip if test environment is not
    specified and to not interfere with other functional tests
* debian/control: Build-Depends on python-mock

40. By Marc Deslauriers on 2014-03-14

* SECURITY UPDATE: timing side-channel attack in TempURL
  - debian/patches/CVE-2014-0006.patch: use constant time comparison in
    swift/common/middleware/tempurl.py.
  - CVE-2014-0006

39. By Jamie Strandboge on 2013-08-22

* SECURITY UPDATE: Fix handling of DELETE obj reqs with old timestamp
  - debian/patches/CVE-2013-4155.patch: don't create tombstone files when
    a file with a newer timestamp exists
  - CVE-2013-4155
  - LP: #1196932

38. By Jamie Strandboge on 2013-06-17

* SECURITY UPDATE: fix unchecked input in XML responses
  - debian/patches/CVE-2013-2161.patch: use saxutils.quoteattr() on account
    name
  - CVE-2013-2161
  - LP: #1183884
* SECURITY UPDATE: optionally allow using secure json serialization instead
  of pickle.
  - debian/patches/CVE-2012-4406.patch: add memcache_serialization_support
    option and update man pages
  - debian/patches/memcache_serialization_support-default-to-zero.patch:
    default to insecure pickle configuration for people upgrading.
    Interested users can adjust this as desired
  - CVE-2012-4406
  - LP: #1006414

37. By Chuck Short on 2012-04-12

debian/patches/fix-ubuntu-unittests.patch: Refreshed
to fix testsuite failures.

36. By Chuck Short on 2012-04-10

* New upstream release.
* debian/patches/fix-ubuntu-unittests.patch: Refreshed.
* debian/patches/fix-doc-no-network.patch: Dont access network when
trying to build docs.

35. By Chuck Short on 2012-03-23

* debian/rules: Make the build fail if the testsuite doesnt pass.
* debian/patches/fix-ubuntu-unittests.patch: Various fixes to build
swift in the buildds.

34. By James Page on 2012-03-15

* Fixup upstart configurations (LP: #954477):
  - d/rules: Correctly generate ALL upstart configurations when
    building for Ubuntu.
  - d/*.upstart.in: Update upstart config's to use new conf file locations.

33. By Chuck Short on 2012-03-09

[ Chuck Short ]
* New upstream release.

[ Thierry Carrez (ttx) ]
* Remove swift-stats-populate, swift-stats-report and stats.conf-sample to
match Swift 1.4.7 contents

32. By Chuck Short on 2012-03-02

New upstream release.

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

Stacked on:: lp:ubuntu/saucy/swift

This branch contains Public information

Everyone can see this information.

Subscribers

Ubuntu branches

Ubuntuswift package