** Description changed: This is a meta-bug used for tracking progress of new updates to Nova, Horizon, Keystone, and Glance. nova (2012.1.4+stable-20121212-bd102419-0ubuntu1) precise-proposed; urgency=low [ Yolanda Robla ] * Dropped patches, applied upstream: - debian/patches/CVE-2012-3447.patch: update to perform the file name canonicalization as the root user - debian/patches/CVE-2012-3371.patch: lookup instance ids only once instead of once for each scheduler hint instance id. - debian/patches/CVE-2012-3360+3361.patch: ensure that files cannot be injected in arbitrary locations * Resynchronize with stable/essex (bd102419): - [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes - attached + attached (LP: #1079745) - [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very - slow + slow (LP: #1062314) - [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted - fixed_ip - - [20f98c5] failed to allocate fixed ip because old deleted one exists - - [75f6922] snapshot stays in saving state if the vm base image is deleted - - [1076699] lock files may be removed in error dues to permissions issues - - [40c5e94] ensure_default_security_group() does not call sgh + fixed_ip (LP: #1017633) + - [20f98c5] failed to allocate fixed ip because old deleted one exists (LP: #996482) + - [75f6922] snapshot stays in saving state if the vm base image is deleted + (LP: #921774) + - [1076699] lock files may be removed in error dues to permissions issues + (LP: #1051924) + - [40c5e94] ensure_default_security_group() does not call sgh (LP: #1050982) - [4eebe76] At termination, LXC rootfs is not always unmounted before - rmtree() is called + rmtree() is called (LP: #1046313) - [47dabb3] Heavily loaded nova-compute instances don't sent reports - frequently enough - - [b375b4f] When attach volume lost attach when node restart - - [4ac2dcc] nova usage-list returns wrong usage - - [014fcbc] Bridge port's hairpin mode not set after resuming a machine 
- - [2f35f8e] Nova flavor ephemeral space size reported incorrectly + frequently enough (LP: #1045152) + - [b375b4f] When attach volume lost attach when node restart (LP: #1004791) + - [4ac2dcc] nova usage-list returns wrong usage (LP: #1043999) + - [014fcbc] Bridge port's hairpin mode not set after resuming a machine (LP: #1040537) + - [2f35f8e] Nova flavor ephemeral space size reported incorrectly (LP: #1026210) -- Yolanda Robla <[email protected]> Wed, 12 Dec 2012 10:26:00 +0100 horizon (2012.1.4+stable-20121212-5ce39422-0ubuntu1) precise-proposed; urgency=low [ Yolanda Robla ] * Dropped patches, applied upstream: - debian/patches/CVE-2012-3540.patch: disallow redirects to anywhere other than the same origin * Resynchronize with stable/essex (5ce39422) LP: #1089466: - - [7e651d7] stable/essex horizon installs unusable version of glance - - [35eada8] open redirect / phishing attack via "next" parameter - - [8889311] TypeError when trying to delete an unnamed volume via dashboard - - [f862d9e] Wrong 'Download CSV Summary' link + - [7e651d7] stable/essex horizon installs unusable version of glance (LP: #1057125) + - [35eada8] open redirect / phishing attack via "next" parameter (LP: #1039077) + - [8889311] TypeError when trying to delete an unnamed volume via dashboard + (LP: #1031291) + - [f862d9e] Wrong 'Download CSV Summary' link (LP: #1020555) -- Yolanda Robla <[email protected]> Wed, 12 Dec 2012 14:25:33 +0100 glance (2012.1.3+stable-20121211-efd7e75b-0ubuntu1) precise-proposed; urgency=low [ Yolanda Robla ] * Dropped patches, applied upstream: - debian/patches/CVE-2012-4573.patch: adjust glance/api/v1/images.py to ensure image is owned by user before delayed_deletion * Resynchronize with stable/essex (efd7e75b): - [efd7e75] Non-admin users can cause public glance images to be deleted - from the backend storage repository + from the backend storage repository (LP: #1065187) - [e6be061] Jenkins jobs fail because of incompatibility between sqlalchemy- - migrate 
and the newest sqlalchemy-0.8.0b1 + migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569) * debian/rules: skipping pep8 tests to allow building -- Yolanda Robla <[email protected]> Tue, 11 Dec 2012 20:31:00 +0100 + keystone (2012.1+stable-20121211-c17a9992-0ubuntu1) precise-proposed; + urgency=low - keystone (2012.1+stable-20121211-c17a9992-0ubuntu1) precise-proposed; urgency=low + [ Yolanda Robla ] + * Dropped patches, applied upstream: + - debian/patches/CVE-2012-5571.patch: adjust contrib/ec2/core.py to verify + that the user is in at least one valid role for the tenant + - debian/patches/keystone-CVE-2012-4413.patch: invalidate all user + tokens upon role grant/revoke + - debian/patches/keystone-CVE-2012-3542: require authz to update a + user's tenant. + * Resynchronize with stable/essex (c17a9992) LP: #1089488: + - [8735009] Removing user from a tenant isn't invalidating user access to + tenant (LP: #1064914) + - [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy- + migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569) + - [ddb4019] Open 2012.1.4 development + - [0e1f05e] memcache driver needs protection against unicode user keys (LP: #1056373) + - [176ee9b] Token invalidation in case of role grant/revoke should be + limited to affected tenant (LP: #1050025) + - [58ac669] Token validation includes revoked roles (CVE-2012-4413) + - [cd1e48a] Memcached Token Backend does not support list tokens (LP: #1046905) + - [5438d3b] Update user's default tenant partially succeeds without authz + (LP: #1040626) - [ Yolanda Robla ] - * Dropped patches, applied upstream: - - debian/patches/CVE-2012-5571.patch: adjust contrib/ec2/core.py to verify - that the user is in at least one valid role for the tenant - - debian/patches/keystone-CVE-2012-4413.patch: invalidate all user - tokens upon role grant/revoke - - debian/patches/keystone-CVE-2012-3542: require authz to update a - user's tenant. 
- * Resynchronize with stable/essex (c17a9992) LP: #1089488: - - [8735009] Removing user from a tenant isn't invalidating user access to - tenant - - [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy- - migrate and the newest sqlalchemy-0.8.0b1 - - [ddb4019] Open 2012.1.4 development - - [0e1f05e] memcache driver needs protection against unicode user keys - - [176ee9b] Token invalidation in case of role grant/revoke should be - limited to affected tenant - - [58ac669] Token validation includes revoked roles (CVE-2012-4413) - - [cd1e48a] Memcached Token Backend does not support list tokens - - [5438d3b] Update user's default tenant partially succeeds without authz - - -- Yolanda <[email protected]> Tue, 11 Dec 2012 12:22:03 + -- Yolanda <[email protected]> Tue, 11 Dec 2012 12:22:03 +0100
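Review bot: in the keystone entry, two resync items are still left without an (LP: #...) reference after this change: "[58ac669] Token validation includes revoked roles (CVE-2012-4413)" and "[ddb4019] Open 2012.1.4 development". The first is a security fix, so if a Launchpad bug exists for it, cite it like the neighbouring items so the fix can be traced from the upload. In the same entry, "debian/patches/keystone-CVE-2012-3542" is listed without the .patch suffix that the other two dropped patches carry, and the trailer is signed "Yolanda" where the nova, horizon and glance trailers use "Yolanda Robla"; both are worth making consistent before upload.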
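Review bot: the "Resynchronize with stable/essex" lines are inconsistent across the four entries: nova (bd102419) and glance (efd7e75b) carry no LP reference, horizon cites LP: #1089466, and keystone cites LP: #1089488. If one meta-bug is meant to track all four uploads, each resync line should say which bug it closes, and it is worth confirming that the horizon number is intended. In the nova list, the re-added line "[1076699] lock files may be removed in error dues to permissions issues" keeps the "dues to" typo; fix it while these lines are being rewritten.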
https://bugs.launchpad.net/bugs/1089488
Title: Meta bug for tracking Openstack Stable Updates
