lp:ubuntu/quantal-security/nova

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

101. By Jamie Strandboge on 2013-10-21

* SECURITY UPDATE: properly honor the is_public flag
  - debian/patches/CVE-2013-2256.patch, CVE-2013-4278.patch: add enforcement
    of is_public in the db layer (LP: #1194093, LP: #1212179)
  - CVE-2013-2256, CVE-2013-4278
* SECURITY UPDATE: denial of service with network security group policy
  updates
  - debian/patches/CVE-2013-4185.patch: use cached nwinfo for secgroup rules
    (LP: #1184041)
  - CVE-2013-4185

100. By Jamie Strandboge on 2013-05-28

* Regression fix. Nova fails to launch non-cached images (LP: #1183606)
  - debian/patches/lp1183606.patch: call prepare_template() before
    performing QCOW2 image size check

99. By Jamie Strandboge on 2013-05-15

* SECURITY UPDATE: verify virtual size of QCOW2 images
  - CVE-2013-2096.patch: update nova/virt/libvirt/imagebackend.py to
    check QCOW2 image size during root disk creation
  - CVE-2013-2096

98. By Jamie Strandboge on 2013-03-20

* SECURITY UPDATE: fix denial of service via fixed IPs when using extensions
  - debian/patches/CVE-2013-1838.patch: add explicit quota for fixed IP
  - CVE-2013-1838
  - LP: #1125468
* SECURITY UPDATE: fix VNC token validation
  - debian/patches/CVE-2013-0335.patch: force console auth service to flush
    all tokens associated with an instance when it is deleted
  - CVE-2013-0335
  - LP: #1125378

97. By Jamie Strandboge on 2013-02-19

* SECURITY UPDATE: fix denial of service
  - CVE-2013-1664.patch: Add a new utils.safe_minidom_parse_string function
    and update external API facing Nova modules to use it
  - CVE-2013-1664

96. By Jamie Strandboge on 2013-01-29

* SECURITY UPDATE: fix lack of authentication on block device used for
  os-volume_boot
  - debian/patches/CVE-2013-0208.patch: adjust nova/compute/api.py to
    validate we can access the volumes
  - CVE-2013-0208

95. By Jamie Strandboge on 2012-12-11

* SECURITY UPDATE: information leak in libvirt LVM-backed instances
  - debian/patches/CVE-2012-5625.patch: overwrite each logical volume with
    zeros
  - LP: #1070539
  - CVE-2012-5625

94. By Chuck Short on 2012-10-12

[ Adam Gandelman ]
* Move management of /var/lib/nova/volumes from nova-common to
  nova-volume. Ensure it has proper permissions. (LP: #1065320)
* debian/patches/avoid_setuptools_git_dependency.patch: Remove
  setuptools_git from tools/pip-requires to avoid it being automatically
  added to python-nova's runtime dependencies. (LP: #1059907)

[ Chuck Short ]
* debian/patches/rbd-security.patch: Support override of ceph rbd
  user and secret in nova-compute. (LP: #1065883)
* debian/patches/ubuntu/fix-libvirt-firewall-slowdown.patch: Fix
  refreshing of security groups in libvirt not to block on RPC calls.
  (LP: #1062314)
* debian/patches/ubuntu/fix-ec2-volume-id-mappings.patch: Read deleted
  snapshot and volume id mappings. (LP: #1065785)

93. By Chuck Short on 2012-10-09

debian/patches/ubuntu/ubuntu-fix-ec2-instance-id-mappings.patch:
Backport from trunk, Set read_deleted='yes' for instance_id_mappings.
(LP: #1061166)

92. By Adam Gandelman on 2012-10-02

* nova-xvpvncproxy, nova-novncproxy: Add missing .install, .logrotate,
  .postrm, manpages and upstart jobs (LP: #1060336)
* debian/{rules, nova-volume.install}: Rename nova_tgt to nova_tgt.conf so
  that it is actually loaded by tgt. (LP: #1060422)