[Bug 968411] Re: [Precise] nova is vulnerable to CVE-2012-1585

2012-04-02 Thread Launchpad Bug Tracker 
This bug was fixed in the package nova - 2012.1~rc2-0ubuntu1

---
nova (2012.1~rc2-0ubuntu1) precise; urgency=low

  [ Adam Gandelman ]
  * debian/control: Remove unncessary nova-cert dependency from nova-api.
(LP: #965356)
  * debian/nova-common.postinst: Clean up spacing, remove redundant chown,
set blanket 0700 nova.nova permissions on /etc/nova/
  * debian/nova-compute-{kvm, lxc, uml, xen}.postinst: Set proper permissions
on /etc/nova/nova-compute.conf (LP: #861459)
  * debian/nova-common.postinst:  Ensure default nova.sqlite database is not
world-readable.
  * debian/{rules, nova-common.{install, postinst}}: Install api-paste.ini 0600
with nova-common (in prepartion for proper nova-api-* package separation)
  * debian/{nova-common.nova-manage.logrotate,
nova-network.nova-dhcpbridge.logrotate, rules}: Add lograte files,
override_dh_installlogrotate. (LP: #942646)
  * Add manpage stubs for nova-api-ec2, nova-api-metadata,
nova-api-os-{volume, compute}, nova-rootwrap. Use sphinx built manpage
for nova-manage (nova-common.manpages)
  * debian/nova-compute-{kvm, xen, uml, qemu}.postinst: Remove calls to
adduser since this is already handled from nova-compute.postsinst in a
vendor neutral way.  Silences lintian errors regarding adduser dependency

  [ Chuck Short ]
  * New upstream version.
  * debian/patches/libvirt-use-console-pipe.patch: Dropped.
  * debian/patches/nova-console-monitor.patch: Add console-monitor
option.
  * debian/nova.conf: Enable use_console_monitor
  * debian/patches/fix-ubuntu-tests.patch: Fix nova testsuite.
  * debian/rules: fail package build if testsuite fails.
  * debian/patches/validate_server_name_length.patch: Dropped no longer
needed.
  * debian/patches/fix-docs-build-without-network.patch: Some docs need
a network connection in order to build. Disable fetching docs from
the internet.
  * debian/patches/0001-fix-useexisting-deprecation-warnings.patch:
Remove deprecated warnings with sqlalchemy.

  [ Tyler Hicks ]
  * SECURITY UPDATE: Denial of service via resource exhaustion in nova-api
(LP: #968411)
- debian/patches/validate_server_name_length.patch: Limit server names
  to a maximum of 255 characters to prevent nova-api log files from
  exhausting storage space. Based on upstream patch.
- CVE-2012-1585
 -- Chuck Short zul...@ubuntu.com   Mon, 02 Apr 2012 11:17:33 -0400

** Changed in: nova (Ubuntu)
   Status: Confirmed = Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/968411

Title:
  [Precise] nova is vulnerable to CVE-2012-1585

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nova/+bug/968411/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 968411] Re: [Precise] nova is vulnerable to CVE-2012-1585

2012-03-29 Thread Tyler Hicks 
Debdif against 2012.1~rc1-0ubuntu2. Tested using the in-tree test suite.
The new tests, added by the patch in the debdiff, successfully pass.

** Patch added: nova_2012.1~rc1-0ubuntu3.debdiff
   
https://bugs.launchpad.net/ubuntu/+source/nova/+bug/968411/+attachment/2962061/+files/nova_2012.1%7Erc1-0ubuntu3.debdiff

** Visibility changed to: Public

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/968411

Title:
  [Precise] nova is vulnerable to CVE-2012-1585

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nova/+bug/968411/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 968411] Re: [Precise] nova is vulnerable to CVE-2012-1585

2012-03-29 Thread Launchpad Bug Tracker 
** Branch linked: lp:~openstack-ubuntu-testing/nova/precise-essex-
proposed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/968411

Title:
  [Precise] nova is vulnerable to CVE-2012-1585

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nova/+bug/968411/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 968411] Re: [Precise] nova is vulnerable to CVE-2012-1585

2012-03-29 Thread Micah Gersten 
unsubscribing -sponsors since this has been merged in

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/968411

Title:
  [Precise] nova is vulnerable to CVE-2012-1585

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nova/+bug/968411/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs