All Ubuntu package versions


AllTrustySaucyRaringQuantalPreciseLucidAll PPAs
DashboardRecent Search QueriesSearch Statistics
Alphabetical listSearchBugs
CommentsResqueStathatMemoryTracker

Package "glance"

Name: glance

Description:

OpenStack Image Registry and Delivery Service - Daemons

Latest version: 2012.2.4-0ubuntu1.1
Release: quantal (12.10)
Level: security
Repository: main
Homepage: http://launchpad.net/glance

Links

Save this URL for the latest version of "glance": http://www.ubuntuupdates.org/glance

All versions of this package Bug fixes
List of files in package Repository home page for package

Download "glance"

All arch deb package APT INSTALL

Other versions of "glance" in Quantal

RepositoryAreaVersion
base universe 2012.2-0ubuntu2
base main 2012.2-0ubuntu2
security universe 2012.2.4-0ubuntu1.1
updates universe 2012.2.4-0ubuntu1.1
updates main 2012.2.4-0ubuntu1.1

Packages in group

Deleted packages are displayed in grey.

glance-api glance-common glance-registry python-glance python-glance-doc

Change Log

Version: 2012.2.4-0ubuntu1.1 2013-10-23 20:06:55 UTC

  glance (2012.2.4-0ubuntu1.1) quantal-security; urgency=low

  * SECURITY UPDATE: enforce 'download_image' policy in cache middleware
    - debian/patches/CVE-2013-4428.patch: fix confusing behavior when using
      download_image. Ie, return 403 rather than empty content (LP: #1235378)
    - CVE-2013-4428
 -- Jamie Strandboge <email address hidden> Tue, 22 Oct 2013 13:42:27 -0500

Source diff to previous version
1235378 [OSSA 2013-027] 'image_download' role in v2 causes traceback
CVE-2013-4428 image_download policy not enforced for cached images

Version: 2012.2.1-0ubuntu1.2 2013-03-14 22:06:33 UTC

  glance (2012.2.1-0ubuntu1.2) quantal-security; urgency=low

  * SECURITY UPDATE: fix information disclosure via Glance v1 API
    - debian/patches/CVE-2013-1840.patch: adjust api/middleware/cache.py to
      not show image_meta['location']
    - CVE-2013-1840
 -- Jamie Strandboge <email address hidden> Wed, 13 Mar 2013 15:39:08 -0500

Source diff to previous version
CVE-2013-1840 Backend credentials leak in Glance v1 API

Version: 2012.2.1-0ubuntu1.1 2013-01-30 00:07:07 UTC

  glance (2012.2.1-0ubuntu1.1) quantal-security; urgency=low

  * SECURITY UPDATE: information disclosure via swift error messages
    - debian/patches/CVE-2013-0212.patch: adjust glance/store/swift.py to
      mot show URLs and credentials in error messages and log output
    - CVE-2013-0212
 -- Jamie Strandboge <email address hidden> Tue, 29 Jan 2013 09:13:09 -0600

Source diff to previous version
CVE-2013-0212 Backend password leak in Glance error message

Version: 2012.2-0ubuntu2.3 2012-11-09 22:06:51 UTC

  glance (2012.2-0ubuntu2.3) quantal-security; urgency=low

  * SECURITY UPDATE: deletion of arbitrary public and shared images via
    authenticated user
    - debian/patches/CVE-2012-4573b.patch: previous patch was incomplete.
      Make corresponding change to glance/api/v2/images.py
    - CVE-2012-4573
  * debian/control: add Build-Depends-Indep on python-chardet. This is needed
    by python-requests to do encoding detection which otherwise fails in the
    new tests introduced in CVE-2012-4573b.patch.
 -- Jamie Strandboge <email address hidden> Fri, 09 Nov 2012 06:53:44 -0600

Source diff to previous version

Version: 2012.2-0ubuntu2.2 2012-11-08 17:06:51 UTC

  glance (2012.2-0ubuntu2.2) quantal-security; urgency=low

  * SECURITY UPDATE: deletion of arbitrary public and shared images via
    authenticated user
    - debian/patches/CVE-2012-4573.patch: adjust glance/api/v1/images.py to
      ensure image is owned by user before delayed_deletion
    - CVE-2012-4573
  * debian/patches/fakeauth-not-always-admin.patch: add required testsuite
    patch in support of the testsuite changes in CVE-2012-4573.patch
 -- Jamie Strandboge <email address hidden> Thu, 08 Nov 2012 07:41:02 -0600




About   -   Changelog   -   Send Feedback