[Bug 1089488] Re: Meta bug for tracking Openstack Stable Updates

[James Page]

** Changed in: nova (Ubuntu)
   Status: Fix Committed = Invalid

** Changed in: keystone (Ubuntu)
   Status: Fix Committed = Invalid

** Changed in: horizon (Ubuntu)
   Status: Fix Committed = Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1089488

Title:
  Meta bug for tracking Openstack Stable Updates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glance/+bug/1089488/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1089488] Re: Meta bug for tracking Openstack Stable Updates

[Yolanda Robla]

Test coverage log.

** Attachment added: 2012.1.3+stable-20130405-e52e6912-0ubuntu1.log
   
https://bugs.launchpad.net/bugs/1089488/+attachment/3678007/+files/2012.1.3%2Bstable-20130405-e52e6912-0ubuntu1.log

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1089488

Title:
  Meta bug for tracking Openstack Stable Updates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glance/+bug/1089488/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1089488] Re: Meta bug for tracking Openstack Stable Updates

[Yolanda Robla]

Test coverage log.

** Attachment added: 2012.1.3+stable-20130405-e52e6912-0ubuntu1.log
   
https://bugs.launchpad.net/bugs/1089488/+attachment/3678023/+files/2012.1.3%2Bstable-20130405-e52e6912-0ubuntu1.log

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1089488

Title:
  Meta bug for tracking Openstack Stable Updates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glance/+bug/1089488/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1089488] Re: Meta bug for tracking Openstack Stable Updates

[Yolanda Robla]

Test coverage log.

** Attachment added: 2012.1.3+stable-20130423-74b067df-0ubuntu1.log
   
https://bugs.launchpad.net/bugs/1089488/+attachment/3678041/+files/2012.1.3%2Bstable-20130423-74b067df-0ubuntu1.log

** Tags removed: verification-needed
** Tags added: verification-done

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1089488

Title:
  Meta bug for tracking Openstack Stable Updates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glance/+bug/1089488/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1089488] Re: Meta bug for tracking Openstack Stable Updates

[Launchpad Bug Tracker]

This bug was fixed in the package horizon -
2012.1.3+stable-20130423-5ce39422-0ubuntu1

---
horizon (2012.1.3+stable-20130423-5ce39422-0ubuntu1) precise-proposed; 
urgency=low

  * Resynchronize with stable/essex (LP: #1089488)
- [7e651d7] stable/essex horizon installs unusable version of glance
  (LP: #1057125)
- [35eada8] open redirect / phishing attack via next parameter
  (LP: #1039077)
- [8889311] TypeError when trying to delete an unnamed volume via dashboard
  (LP: #1031291)
- [f862d9e] Wrong 'Download CSV Summary' link (LP: #1020555)
- [9b22d68] When adding ICMP rule, the type/code is being validated as
  from/to ports (LP: #997669)
- [52bbba1] Added --only-selenium option in run_tests.sh
  * Dropped patches, superseeded by new snapshot:
- debian/patches/CVE-2012-3540.patch [35eada8]
 -- Yolanda yolanda.ro...@canonical.com   Wed, 24 Apr 2013 15:46:28 +0200

** Changed in: horizon (Ubuntu Precise)
   Status: Fix Committed = Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-3540

** Changed in: glance (Ubuntu)
   Status: Fix Committed = Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-4573

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0212

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-1840

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1089488

Title:
  Meta bug for tracking Openstack Stable Updates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glance/+bug/1089488/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1089488] Re: Meta bug for tracking Openstack Stable Updates

[Launchpad Bug Tracker]

This bug was fixed in the package glance - 2012.1.3+stable-20130423
-74b067df-0ubuntu1

---
glance (2012.1.3+stable-20130423-74b067df-0ubuntu1) precise-proposed; 
urgency=low

  * Resynchronize with stable/essex (74b067df) (LP: #1089488):
- [74b067d] v1 api returns location as header for cached images LP: 1135541
- [37d4d96] glance image-download can display backend Swift password
  LP: 1098962
- [efd7e75] Non-admin users can cause public glance images to be deleted
  from the backend storage repository (LP: #1065187)
- [e6be061] Jenkins jobs fail because of incompatibility between sqlalchemy-
  migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
  * Dropped patches, superseeded by snapshot:
- debian/patches/CVE-2013-1840.patch [74b067d]
- debian/patches/CVE-2013-0212.patch [37d4d96]
- debian/patches/CVE-2012-4573.patch [efd7e75]
 -- Yolanda yolanda.ro...@canonical.com   Wed, 24 Apr 2013 14:58:09 +0200

** Changed in: nova (Ubuntu Precise)
   Status: Fix Committed = Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0208

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0335

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-1664

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-1838

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1089488

Title:
  Meta bug for tracking Openstack Stable Updates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glance/+bug/1089488/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1089488] Re: Meta bug for tracking Openstack Stable Updates

[Launchpad Bug Tracker]

This bug was fixed in the package nova -
2012.1.3+stable-20130423-e52e6912-0ubuntu1

---
nova (2012.1.3+stable-20130423-e52e6912-0ubuntu1) precise-proposed; urgency=low

  * Resynchronize with stable/essex (e52e6912) (LP: #1089488):
- [48e81f1] VNC proxy can be made to connect to wrong VM LP: 1125378
- [3bf5a58] snat rule too broad for some network configurations LP: 1048765
- [efaacda] DOS by allocating all fixed ips LP: 1125468
- [b683ced] Add nosehtmloutput as a test dependency.
- [45274c8] Nova unit tests not running, but still passing for stable/essex
  LP: 1132835
- [e02b459] vnc unit-test fixes
- [87361d3] Jenkins jobs fail because of incompatibility between sqlalchemy-
  migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
- [e98928c] VNC proxy can be made to connect to wrong VM LP: 1125378
- [c0a10db] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
- [243d516] No authentication on block device used for os-volume_boot
  LP: 1069904
- [80fefe5] use_single_default_gateway does not function correctly
  (LP: #1075859)
- [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
  attached (LP: #1079745)
- [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
  slow (LP: #1062314)
- [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
  fixed_ip (LP: #1017633)
- [20f98c5] failed to allocate fixed ip because old deleted one exists
  (LP: #996482)
- [75f6922] snapshot stays in saving state if the vm base image is deleted
  (LP: #921774)
- [1076699] lock files may be removed in error dues to permissions issues
  (LP: #1051924)
- [40c5e94] ensure_default_security_group() does not call sgh (LP: #1050982)
- [4eebe76] At termination, LXC rootfs is not always unmounted before
  rmtree() is called (LP: #1046313)
- [47dabb3] Heavily loaded nova-compute instances don't sent reports
  frequently enough (LP: #1045152)
- [b375b4f] When attach volume lost attach when node restart (LP: #1004791)
- [4ac2dcc] nova usage-list returns  wrong usage (LP: #1043999)
- [014fcbc] Bridge port's hairpin mode not set after resuming a machine
  (LP: #1040537)
- [2f35f8e] Nova flavor ephemeral space size reported incorrectly
  (LP: #1026210)
  * Dropped, superseeded by new snapshot:
- debian/patches/CVE-2013-0335.patch: [48e81f1]
- debian/patches/CVE-2013-1838.patch: [efaacda]
- debian/patches/CVE-2013-1664.patch: [c0a10db]
- debian/patches/CVE-2013-0208.patch: [243d516]
 -- Yolanda yolanda.ro...@canonical.com   Mon, 22 Apr 2013 12:37:08 +0200

** Changed in: keystone (Ubuntu Precise)
   Status: Fix Committed = Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-3542

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-4413

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5571

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0247

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0282

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1089488

Title:
  Meta bug for tracking Openstack Stable Updates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glance/+bug/1089488/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1089488] Re: Meta bug for tracking Openstack Stable Updates

[Launchpad Bug Tracker]

** Branch linked: lp:ubuntu/precise-updates/nova

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1089488

Title:
  Meta bug for tracking Openstack Stable Updates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glance/+bug/1089488/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1089488] Re: Meta bug for tracking Openstack Stable Updates

[Brian Murray]

Hello Yolanda, or anyone else affected,

Accepted glance into precise-proposed. The package will build now and be
available at
http://launchpad.net/ubuntu/+source/glance/2012.1.3+stable-20130423
-74b067df-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Tags added: verification-needed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1089488

Title:
  Meta bug for tracking Openstack Stable Updates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glance/+bug/1089488/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1089488] Re: Meta bug for tracking Openstack Stable Updates

[Launchpad Bug Tracker]

** Branch linked: lp:ubuntu/precise-proposed/glance

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1089488

Title:
  Meta bug for tracking Openstack Stable Updates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glance/+bug/1089488/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1089488] Re: Meta bug for tracking Openstack Stable Updates

[Launchpad Bug Tracker]

** Branch linked: lp:ubuntu/precise-proposed/nova

** Branch linked: lp:ubuntu/precise-proposed/keystone

** Branch linked: lp:ubuntu/precise-proposed/horizon

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1089488

Title:
  Meta bug for tracking Openstack Stable Updates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glance/+bug/1089488/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1089488] Re: Meta bug for tracking Openstack Stable Updates

[Yolanda Robla]

** Changed in: glance (Ubuntu)
 Assignee: (unassigned) = Yolanda Robla (yolanda.robla)

** Changed in: horizon (Ubuntu)
 Assignee: (unassigned) = Yolanda Robla (yolanda.robla)

** Changed in: horizon (Ubuntu Precise)
 Assignee: (unassigned) = Yolanda Robla (yolanda.robla)

** Changed in: keystone (Ubuntu)
 Assignee: (unassigned) = Yolanda Robla (yolanda.robla)

** Changed in: keystone (Ubuntu Precise)
 Assignee: (unassigned) = Yolanda Robla (yolanda.robla)

** Changed in: nova (Ubuntu)
 Assignee: (unassigned) = Yolanda Robla (yolanda.robla)

** Changed in: nova (Ubuntu Precise)
 Assignee: (unassigned) = Yolanda Robla (yolanda.robla)

** Changed in: glance (Ubuntu)
   Status: Invalid = Fix Committed

** Changed in: horizon (Ubuntu Precise)
   Status: Confirmed = Fix Committed

** Changed in: horizon (Ubuntu)
   Status: Invalid = Fix Committed

** Changed in: keystone (Ubuntu)
   Status: Invalid = Fix Committed

** Changed in: keystone (Ubuntu Precise)
   Status: Confirmed = Fix Committed

** Changed in: nova (Ubuntu)
   Status: Invalid = Fix Committed

** Changed in: nova (Ubuntu Precise)
   Status: Confirmed = Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1089488

Title:
  Meta bug for tracking Openstack Stable Updates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glance/+bug/1089488/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1089488] Re: Meta bug for tracking Openstack Stable Updates

[Yolanda Robla]

** Also affects: glance (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1089488

Title:
  Meta bug for tracking Openstack Stable Updates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glance/+bug/1089488/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1089488] Re: Meta bug for tracking Openstack Stable Updates

[Yolanda Robla]

** Description changed:

  This is a meta-bug used for tracking progress of new updates to Nova,
  Horizon, Keystone.
  
- nova (2012.1.4+stable-20130402-e52e6912-0ubuntu1) precise-proposed;
+ nova (2012.1.3+stable-20130423-e52e6912-0ubuntu1) precise-proposed;
  urgency=low
  
-   [ Chuck Short ]
-   * debian/*.logrotate: compress logfiles when they are rotated. (LP:
- #1049915)
- 
-   [ Yolanda Robla Mota ]
-   * Resynchronize with stable/essex (LP: #1089488):
+   * Resynchronize with stable/essex (e52e6912) (LP: #1089488):
  - [48e81f1] VNC proxy can be made to connect to wrong VM LP: 1125378
  - [3bf5a58] snat rule too broad for some network configurations LP: 
1048765
  - [efaacda] DOS by allocating all fixed ips LP: 1125468
  - [b683ced] Add nosehtmloutput as a test dependency.
  - [45274c8] Nova unit tests not running, but still passing for 
stable/essex
LP: 1132835
  - [e02b459] vnc unit-test fixes
  - [87361d3] Jenkins jobs fail because of incompatibility between 
sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
  - [e98928c] VNC proxy can be made to connect to wrong VM LP: 1125378
  - [c0a10db] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
  - [243d516] No authentication on block device used for os-volume_boot
LP: 1069904
  - [80fefe5] use_single_default_gateway does not function correctly
(LP: #1075859)
  - [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
attached (LP: #1079745)
  - [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
slow (LP: #1062314)
  - [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
fixed_ip (LP: #1017633)
  - [20f98c5] failed to allocate fixed ip because old deleted one exists
(LP: #996482)
  - [75f6922] snapshot stays in saving state if the vm base image is deleted
(LP: #921774)
  - [1076699] lock files may be removed in error dues to permissions issues
(LP: #1051924)
  - [40c5e94] ensure_default_security_group() does not call sgh (LP: 
#1050982)
  - [4eebe76] At termination, LXC rootfs is not always unmounted before
rmtree() is called (LP: #1046313)
  - [47dabb3] Heavily loaded nova-compute instances don't sent reports
frequently enough (LP: #1045152)
  - [b375b4f] When attach volume lost attach when node restart (LP: 
#1004791)
  - [4ac2dcc] nova usage-list returns  wrong usage (LP: #1043999)
  - [014fcbc] Bridge port's hairpin mode not set after resuming a machine
(LP: #1040537)
  - [2f35f8e] Nova flavor ephemeral space size reported incorrectly
(LP: #1026210)
+   * Dropped, superseeded by new snapshot:
+ - debian/patches/CVE-2013-0335.patch: [48e81f1]
+ - debian/patches/CVE-2013-1838.patch: [efaacda]
+ - debian/patches/CVE-2013-1664.patch: [c0a10db]
+ - debian/patches/CVE-2013-0208.patch: [243d516]
  
-  -- Yolanda Robla Mota yolanda.ro...@canonical.com  Fri, 05 Apr 2013
- 09:59:20 +0100
+  -- Yolanda yolanda.ro...@canonical.com  Mon, 22 Apr 2013 12:37:08
+ +0200
  
- horizon (2012.1.4+stable-20130405-5ce39422-0ubuntu1) precise-proposed;
+ horizon (2012.1.3+stable-20130423-5ce39422-0ubuntu1) precise-proposed;
  urgency=low
  
-   * Resynchronize with stable/essex (LP: #1089488):
+   * Resynchronize with stable/essex (LP: #1089488)
  - [7e651d7] stable/essex horizon installs unusable version of glance
(LP: #1057125)
  - [35eada8] open redirect / phishing attack via next parameter
(LP: #1039077)
  - [8889311] TypeError when trying to delete an unnamed volume via 
dashboard
(LP: #1031291)
  - [f862d9e] Wrong 'Download CSV Summary' link (LP: #1020555)
  - [9b22d68] When adding ICMP rule, the type/code is being validated as
from/to ports (LP: #997669)
  - [52bbba1] Added --only-selenium option in run_tests.sh
- 
-   * Dropped patches, superseeded by snapshot:
+   * Dropped patches, superseeded by new snapshot: 
  - debian/patches/CVE-2012-3540.patch [35eada8]
  
-  -- Yolanda Robla Mota yolanda.ro...@canonical.com  Fri, 05 Apr 2013
- 10:14:44 +0100
+  -- Yolanda yolanda.ro...@canonical.com  Wed, 24 Apr 2013 15:46:28
+ +0200
  
- keystone (2012.1.4+stable-20130405-f48dd0fc-0ubuntu1) precise-proposed;
+ keystone (2012.1.3+stable-20130423-f48dd0fc-0ubuntu1) precise-proposed;
  urgency=low
  
-   [ Chuck Short ]
-   * debian/keystone.logrotate: Compress log file when rotated. (LP: #1049309)
- 
-   [ Yolanda Robla Mota ]
* Resynchronize with stable/essex (LP: #1089488):
  - [7402f5e] EC2 authentication does not ensure user or tenant is enabled
LP: 1121494
  - [8945567] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
  - [7b5b72f] Add size validations for /tokens.
  - [ef1e682] docutils 0.10 incompatible with sphinx 1.1.3 LP: 1091333
  - [8735009] Removing 

[Bug 1089488] Re: Meta bug for tracking Openstack Stable Updates

[Yolanda Robla]

** Also affects: glance
   Importance: Undecided
   Status: New

** No longer affects: glance

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1089488

Title:
  Meta bug for tracking Openstack Stable Updates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glance/+bug/1089488/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1089488] Re: Meta bug for tracking Openstack Stable Updates

[Yolanda Robla]

Resubmitted changelogs for that SRU

** Description changed:

  This is a meta-bug used for tracking progress of new updates to Nova,
  Horizon, Keystone.
  
- nova (2012.1.4+stable-20121217-9f277e38-0ubuntu1) precise-proposed;
+ nova (2012.1.4+stable-20130402-e52e6912-0ubuntu1) precise-proposed;
  urgency=low
  
[ Chuck Short ]
-   * debian/*.logrotate: compress logfiles when they are rotated. (LP: 
#1049915)
+   * debian/*.logrotate: compress logfiles when they are rotated. (LP:
+ #1049915)
  
[ Yolanda Robla Mota ]
-   * Resynchronize with stable/essex (9f277e38):
+   * Resynchronize with stable/essex (LP: #1089488):
+ - [48e81f1] VNC proxy can be made to connect to wrong VM LP: 1125378
+ - [3bf5a58] snat rule too broad for some network configurations LP: 
1048765
+ - [efaacda] DOS by allocating all fixed ips LP: 1125468
+ - [b683ced] Add nosehtmloutput as a test dependency.
+ - [45274c8] Nova unit tests not running, but still passing for 
stable/essex
+   LP: 1132835
+ - [e02b459] vnc unit-test fixes
+ - [87361d3] Jenkins jobs fail because of incompatibility between 
sqlalchemy-
+   migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
+ - [e98928c] VNC proxy can be made to connect to wrong VM LP: 1125378
+ - [c0a10db] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
+ - [243d516] No authentication on block device used for os-volume_boot
+   LP: 1069904
  - [80fefe5] use_single_default_gateway does not function correctly
(LP: #1075859)
  - [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
attached (LP: #1079745)
  - [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
slow (LP: #1062314)
  - [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
fixed_ip (LP: #1017633)
  - [20f98c5] failed to allocate fixed ip because old deleted one exists
(LP: #996482)
  - [75f6922] snapshot stays in saving state if the vm base image is deleted
(LP: #921774)
  - [1076699] lock files may be removed in error dues to permissions issues
(LP: #1051924)
  - [40c5e94] ensure_default_security_group() does not call sgh (LP: 
#1050982)
  - [4eebe76] At termination, LXC rootfs is not always unmounted before
rmtree() is called (LP: #1046313)
  - [47dabb3] Heavily loaded nova-compute instances don't sent reports
frequently enough (LP: #1045152)
  - [b375b4f] When attach volume lost attach when node restart (LP: 
#1004791)
  - [4ac2dcc] nova usage-list returns  wrong usage (LP: #1043999)
  - [014fcbc] Bridge port's hairpin mode not set after resuming a machine
(LP: #1040537)
  - [2f35f8e] Nova flavor ephemeral space size reported incorrectly
(LP: #1026210)
  
-  -- Yolanda Robla Mota yolanda.ro...@canonical.com  Mon, 17 Dec 2012
- 10:39:28 +
+  -- Yolanda Robla Mota yolanda.ro...@canonical.com  Fri, 05 Apr 2013
+ 09:59:20 +0100
  
+ horizon (2012.1.4+stable-20130405-5ce39422-0ubuntu1) precise-proposed;
+ urgency=low
  
- horizon (2012.1.4+stable-20121217-5ce39422-0ubuntu1) precise-proposed; 
urgency=low
- 
-   * Resynchronize with stable/essex (5ce39422):
+   * Resynchronize with stable/essex (LP: #1089488):
  - [7e651d7] stable/essex horizon installs unusable version of glance
(LP: #1057125)
  - [35eada8] open redirect / phishing attack via next parameter
-   (CVE-2012-3540)
+   (LP: #1039077)
  - [8889311] TypeError when trying to delete an unnamed volume via 
dashboard
(LP: #1031291)
  - [f862d9e] Wrong 'Download CSV Summary' link (LP: #1020555)
+ - [9b22d68] When adding ICMP rule, the type/code is being validated as
+   from/to ports (LP: #997669)
+ - [52bbba1] Added --only-selenium option in run_tests.sh
  
* Dropped patches, superseeded by snapshot:
  - debian/patches/CVE-2012-3540.patch [35eada8]
  
-  -- Yolanda Robla Mota yolanda.ro...@canonical.com  Mon, 17 Dec 2012
- 11:05:44 +
+  -- Yolanda Robla Mota yolanda.ro...@canonical.com  Fri, 05 Apr 2013
+ 10:14:44 +0100
  
- 
- keystone (2012.1.4+stable-20121217-c17a9992-0ubuntu1) precise-proposed; 
urgency=low
+ keystone (2012.1.4+stable-20130405-f48dd0fc-0ubuntu1) precise-proposed;
+ urgency=low
  
[ Chuck Short ]
* debian/keystone.logrotate: Compress log file when rotated. (LP: #1049309)
  
[ Yolanda Robla Mota ]
-   * Resynchronize with stable/essex (c17a9992):
+   * Resynchronize with stable/essex (LP: #1089488):
+ - [7402f5e] EC2 authentication does not ensure user or tenant is enabled
+   LP: 1121494
+ - [8945567] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
+ - [7b5b72f] Add size validations for /tokens.
+ - [ef1e682] docutils 0.10 incompatible with sphinx 1.1.3 LP: 1091333
  - [8735009] Removing user from a tenant isn't invalidating user access to
-   tenant (CVE-2012-5571)

[Bug 1089488] Re: Meta bug for tracking Openstack Stable Updates

[Yolanda Robla]

Can you inform me about the progress of that? I was posted on December
so we wanted to check if there is any blocker.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1089488

Title:
  Meta bug for tracking Openstack Stable Updates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/horizon/+bug/1089488/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1089488] Re: Meta bug for tracking Openstack Stable Updates

[Yolanda Robla]

** No longer affects: glance (Ubuntu)

** No longer affects: glance (Ubuntu Precise)

** Description changed:

  This is a meta-bug used for tracking progress of new updates to Nova,
- Horizon, Keystone, and Glance.
+ Horizon, Keystone.
  
- nova (2012.1.4+stable-20121212-bd102419-0ubuntu1) precise-proposed;
+ nova (2012.1.4+stable-20121217-9f277e38-0ubuntu1) precise-proposed;
  urgency=low
  
-   [ Yolanda Robla ]
-   * Dropped patches, applied upstream:
- - debian/patches/CVE-2012-3447.patch: update to perform the file name
-   canonicalization as the root user
- - debian/patches/CVE-2012-3371.patch: lookup instance ids only once
-   instead of once for each scheduler hint instance id.
- - debian/patches/CVE-2012-3360+3361.patch: ensure that files cannot
-   be injected in arbitrary locations
+   [ Chuck Short ]
+   * debian/*.logrotate: compress logfiles when they are rotated. (LP: 
#1049915)
  
-   * Resynchronize with stable/essex (bd102419):
- - [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
-   attached (LP: #1079745)
- - [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
-   slow (LP: #1062314)
- - [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
-   fixed_ip (LP: #1017633)
- - [20f98c5] failed to allocate fixed ip because old deleted one exists 
(LP: #996482)
- - [75f6922] snapshot stays in saving state if the vm base image is 
deleted 
+   [ Yolanda Robla Mota ]
+   * Resynchronize with stable/essex (9f277e38):
+ - [80fefe5] use_single_default_gateway does not function correctly
+   (LP: #1075859)
+ - [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
+   attached (LP: #1079745)
+ - [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
+   slow (LP: #1062314)
+ - [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
+   fixed_ip (LP: #1017633)
+ - [20f98c5] failed to allocate fixed ip because old deleted one exists
+   (LP: #996482)
+ - [75f6922] snapshot stays in saving state if the vm base image is deleted
(LP: #921774)
- - [1076699] lock files may be removed in error dues to permissions issues 
+ - [1076699] lock files may be removed in error dues to permissions issues
(LP: #1051924)
- - [40c5e94] ensure_default_security_group() does not call sgh (LP: 
#1050982)
- - [4eebe76] At termination, LXC rootfs is not always unmounted before
-   rmtree() is called (LP: #1046313)
- - [47dabb3] Heavily loaded nova-compute instances don't sent reports
-   frequently enough (LP: #1045152)
- - [b375b4f] When attach volume lost attach when node restart (LP: 
#1004791)
- - [4ac2dcc] nova usage-list returns  wrong usage (LP: #1043999)
- - [014fcbc] Bridge port's hairpin mode not set after resuming a machine 
(LP: #1040537)
- - [2f35f8e] Nova flavor ephemeral space size reported incorrectly (LP: 
#1026210)
+ - [40c5e94] ensure_default_security_group() does not call sgh (LP: 
#1050982)
+ - [4eebe76] At termination, LXC rootfs is not always unmounted before
+   rmtree() is called (LP: #1046313)
+ - [47dabb3] Heavily loaded nova-compute instances don't sent reports
+   frequently enough (LP: #1045152)
+ - [b375b4f] When attach volume lost attach when node restart (LP: 
#1004791)
+ - [4ac2dcc] nova usage-list returns  wrong usage (LP: #1043999)
+ - [014fcbc] Bridge port's hairpin mode not set after resuming a machine
+   (LP: #1040537)
+ - [2f35f8e] Nova flavor ephemeral space size reported incorrectly
+   (LP: #1026210)
  
-  -- Yolanda Robla yolanda.ro...@canonical.com  Wed, 12 Dec 2012
- 10:26:00 +0100
+  -- Yolanda Robla Mota yolanda.ro...@canonical.com  Mon, 17 Dec 2012
+ 10:39:28 +
  
- horizon (2012.1.4+stable-20121212-5ce39422-0ubuntu1) precise-proposed;
- urgency=low
  
-   [ Yolanda Robla ]
-   * Dropped patches, applied upstream:
- - debian/patches/CVE-2012-3540.patch: disallow redirects to anywhere
-   other than the same origin
+ horizon (2012.1.4+stable-20121217-5ce39422-0ubuntu1) precise-proposed; 
urgency=low
  
-   * Resynchronize with stable/essex (5ce39422) LP: #1089466:
- - [7e651d7] stable/essex horizon installs unusable version of glance (LP: 
#1057125)
- - [35eada8] open redirect / phishing attack via next parameter (LP: 
#1039077)
- - [8889311] TypeError when trying to delete an unnamed volume via 
dashboard 
+   * Resynchronize with stable/essex (5ce39422):
+ - [7e651d7] stable/essex horizon installs unusable version of glance
+   (LP: #1057125)
+ - [35eada8] open redirect / phishing attack via next parameter
+   (CVE-2012-3540)
+ - [8889311] TypeError when trying to delete an unnamed volume via 
dashboard
(LP: #1031291)
- - [f862d9e] Wrong 'Download CSV Summary' link (LP: #1020555)
+ - [f862d9e] Wrong 'Download CSV 

[Bug 1089488] Re: Meta bug for tracking Openstack Stable Updates

[Yolanda Robla]

** Description changed:

  This is a meta-bug used for tracking progress of new updates to Nova,
  Horizon, Keystone, and Glance.
  
  nova (2012.1.4+stable-20121212-bd102419-0ubuntu1) precise-proposed;
  urgency=low
  
    [ Yolanda Robla ]
    * Dropped patches, applied upstream:
  - debian/patches/CVE-2012-3447.patch: update to perform the file name
    canonicalization as the root user
  - debian/patches/CVE-2012-3371.patch: lookup instance ids only once
    instead of once for each scheduler hint instance id.
  - debian/patches/CVE-2012-3360+3361.patch: ensure that files cannot
    be injected in arbitrary locations
  
    * Resynchronize with stable/essex (bd102419):
  - [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
-   attached
+   attached (LP: #1079745)
  - [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
-   slow
+   slow (LP: #1062314)
  - [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
-   fixed_ip
- - [20f98c5] failed to allocate fixed ip because old deleted one exists
- - [75f6922] snapshot stays in saving state if the vm base image is deleted
- - [1076699] lock files may be removed in error dues to permissions issues
- - [40c5e94] ensure_default_security_group() does not call sgh
+   fixed_ip (LP: #1017633)
+ - [20f98c5] failed to allocate fixed ip because old deleted one exists 
(LP: #996482)
+ - [75f6922] snapshot stays in saving state if the vm base image is 
deleted 
+   (LP: #921774)
+ - [1076699] lock files may be removed in error dues to permissions issues 
+   (LP: #1051924)
+ - [40c5e94] ensure_default_security_group() does not call sgh (LP: 
#1050982)
  - [4eebe76] At termination, LXC rootfs is not always unmounted before
-   rmtree() is called
+   rmtree() is called (LP: #1046313)
  - [47dabb3] Heavily loaded nova-compute instances don't sent reports
-   frequently enough
- - [b375b4f] When attach volume lost attach when node restart
- - [4ac2dcc] nova usage-list returns  wrong usage
- - [014fcbc] Bridge port's hairpin mode not set after resuming a machine
- - [2f35f8e] Nova flavor ephemeral space size reported incorrectly
+   frequently enough (LP: #1045152)
+ - [b375b4f] When attach volume lost attach when node restart (LP: 
#1004791)
+ - [4ac2dcc] nova usage-list returns  wrong usage (LP: #1043999)
+ - [014fcbc] Bridge port's hairpin mode not set after resuming a machine 
(LP: #1040537)
+ - [2f35f8e] Nova flavor ephemeral space size reported incorrectly (LP: 
#1026210)
  
   -- Yolanda Robla yolanda.ro...@canonical.com  Wed, 12 Dec 2012
  10:26:00 +0100
  
  horizon (2012.1.4+stable-20121212-5ce39422-0ubuntu1) precise-proposed;
  urgency=low
  
    [ Yolanda Robla ]
    * Dropped patches, applied upstream:
  - debian/patches/CVE-2012-3540.patch: disallow redirects to anywhere
    other than the same origin
  
    * Resynchronize with stable/essex (5ce39422) LP: #1089466:
- - [7e651d7] stable/essex horizon installs unusable version of glance
- - [35eada8] open redirect / phishing attack via next parameter
- - [8889311] TypeError when trying to delete an unnamed volume via 
dashboard
- - [f862d9e] Wrong 'Download CSV Summary' link
+ - [7e651d7] stable/essex horizon installs unusable version of glance (LP: 
#1057125)
+ - [35eada8] open redirect / phishing attack via next parameter (LP: 
#1039077)
+ - [8889311] TypeError when trying to delete an unnamed volume via 
dashboard 
+   (LP: #1031291)
+ - [f862d9e] Wrong 'Download CSV Summary' link (LP: #1020555)
  
   -- Yolanda Robla yolanda.ro...@canonical.com  Wed, 12 Dec 2012
  14:25:33 +0100
  
  glance (2012.1.3+stable-20121211-efd7e75b-0ubuntu1) precise-proposed;
  urgency=low
  
    [ Yolanda Robla ]
    * Dropped patches, applied upstream:
  - debian/patches/CVE-2012-4573.patch: adjust glance/api/v1/images.py to
    ensure image is owned by user before delayed_deletion
  
    * Resynchronize with stable/essex (efd7e75b):
  - [efd7e75] Non-admin users can cause public glance images to be deleted
-   from the backend storage repository
+   from the backend storage repository (LP: #1065187)
  - [e6be061] Jenkins jobs fail because of incompatibility between 
sqlalchemy-
-   migrate and the newest sqlalchemy-0.8.0b1
+   migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
  
    * debian/rules: skipping pep8 tests to allow building
  
   -- Yolanda Robla yolanda.ro...@canonical.com  Tue, 11 Dec 2012
  20:31:00 +0100
  
+ keystone (2012.1+stable-20121211-c17a9992-0ubuntu1) precise-proposed;
+ urgency=low
  
- keystone (2012.1+stable-20121211-c17a9992-0ubuntu1) precise-proposed; 
urgency=low
+   [ Yolanda Robla ]
+   * Dropped patches, applied upstream:
+ - debian/patches/CVE-2012-5571.patch: adjust contrib/ec2/core.py to verify
+   

[Bug 1089488] Re: Meta bug for tracking Openstack Stable Updates

[Adam Gandelman]

** Also affects: nova (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Also affects: glance (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Also affects: keystone (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Also affects: horizon (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Changed in: glance (Ubuntu)
   Status: Confirmed = Invalid

** Changed in: glance (Ubuntu Precise)
   Status: New = Confirmed

** Changed in: horizon (Ubuntu)
   Status: Confirmed = Invalid

** Changed in: horizon (Ubuntu Precise)
   Status: New = Confirmed

** Changed in: keystone (Ubuntu)
   Status: Confirmed = Invalid

** Changed in: keystone (Ubuntu Precise)
   Status: New = Confirmed

** Changed in: nova (Ubuntu)
   Status: Confirmed = Invalid

** Changed in: nova (Ubuntu Precise)
   Status: New = Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1089488

Title:
  Meta bug for tracking Openstack Stable Updates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glance/+bug/1089488/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs