All Ubuntu package versions


AllTrustySaucyRaringQuantalPreciseLucidAll PPAs
DashboardRecent Search QueriesSearch Statistics
Alphabetical listSearchBugs
CommentsResqueStathatMemoryTracker

Package "glance"

Name: glance

Description:

OpenStack Image Registry and Delivery Service - Daemons

Latest version: 2012.2.4-0ubuntu1.1
Release: quantal (12.10)
Level: updates
Repository: main
Homepage: http://launchpad.net/glance

Links

Save this URL for the latest version of "glance": http://www.ubuntuupdates.org/glance

All versions of this package Bug fixes
List of files in package Repository home page for package

Download "glance"

All arch deb package APT INSTALL

Other versions of "glance" in Quantal

RepositoryAreaVersion
base universe 2012.2-0ubuntu2
base main 2012.2-0ubuntu2
security main 2012.2.4-0ubuntu1.1
security universe 2012.2.4-0ubuntu1.1
updates universe 2012.2.4-0ubuntu1.1

Packages in group

Deleted packages are displayed in grey.

glance-api glance-common glance-registry python-glance python-glance-doc

Change Log

Version: 2012.2.4-0ubuntu1.1 2013-10-23 21:06:54 UTC

  glance (2012.2.4-0ubuntu1.1) quantal-security; urgency=low

  * SECURITY UPDATE: enforce 'download_image' policy in cache middleware
    - debian/patches/CVE-2013-4428.patch: fix confusing behavior when using
      download_image. Ie, return 403 rather than empty content (LP: #1235378)
    - CVE-2013-4428
 -- Jamie Strandboge <email address hidden> Tue, 22 Oct 2013 13:42:27 -0500

Source diff to previous version
1235378 [OSSA 2013-027] 'image_download' role in v2 causes traceback
CVE-2013-4428 image_download policy not enforced for cached images

Version: 2012.2.4-0ubuntu1 2013-06-06 05:07:34 UTC

  glance (2012.2.4-0ubuntu1) quantal-proposed; urgency=low

  [ Adam Gandelman ]
  * Dropped patches, applied upstream:
    - debian/patches/CVE-2013-1840.patch: [dd849a9]
  * Resynchronize with stable/folsom (dbd3d3d7) (LP: #1179707):
    - [cfaa2d8] repeated deletion on image member does not result in 404
      LP: 1157427
    - [5b4d21d] glance-cache-prefetcher explodes when no auth parameters were
      configured LP: 1157765
    - [dd849a9] v1 api returns location as header for cached images LP: 1135541
    - [04f88c8] 500 error returned when an Admin tries to delete membership of
      image from a non-existent /invalid tenant LP: 1060868
    - [5597697] Fragile Test:
      glance.tests.functional.test_bin_glance:TestBinGlance.test_update_copying_from
      LP: 1107768
    - [5183360] filesystem store does not clean up after premature termination
      of image upload LP: 1104924
    - [03dc862] mismatched image size or checksum leaves behind dangling image
      data LP: 1122299
    - [12d28c3] UserWarning on deprecation of legacy glance client inappropriate
      for internal usage LP: 1129445
    - [afe6166] 'glance-cache-manage list-cached' does not show 'last accessed'
      and 'last modified' fields in human-readable format' LP: 1102334
    - [ee13560] Fix broken JSON schemas in v2 tests

  [ Chuck Short ]
  * debian/patches/disable-swift-tests.patch: Refreshed.
 -- Adam Gandelman <email address hidden> Thu, 25 Apr 2013 17:39:57 -0400

Source diff to previous version
CVE-2013-1840 Backend credentials leak in Glance v1 API

Version: 2012.2.3-0ubuntu2 2013-04-25 21:06:44 UTC

  glance (2012.2.3-0ubuntu2) quantal-proposed; urgency=low

  * Resync with latest security update.
  * SECURITY UPDATE: fix information disclosure via Glance v1 API
    - debian/patches/CVE-2013-1840.patch: adjust api/middleware/cache.py to
      not show image_meta['location']
    - CVE-2013-1840
 -- James Page <email address hidden> Fri, 22 Mar 2013 11:48:52 +0000

Source diff to previous version
CVE-2013-1840 Backend credentials leak in Glance v1 API

Version: 2012.2.1-0ubuntu1.2 2013-03-14 23:06:34 UTC

  glance (2012.2.1-0ubuntu1.2) quantal-security; urgency=low

  * SECURITY UPDATE: fix information disclosure via Glance v1 API
    - debian/patches/CVE-2013-1840.patch: adjust api/middleware/cache.py to
      not show image_meta['location']
    - CVE-2013-1840
 -- Jamie Strandboge <email address hidden> Wed, 13 Mar 2013 15:39:08 -0500

Source diff to previous version
CVE-2013-1840 Backend credentials leak in Glance v1 API

Version: 2012.2.1-0ubuntu1.1 2013-01-30 00:07:09 UTC

  glance (2012.2.1-0ubuntu1.1) quantal-security; urgency=low

  * SECURITY UPDATE: information disclosure via swift error messages
    - debian/patches/CVE-2013-0212.patch: adjust glance/store/swift.py to
      mot show URLs and credentials in error messages and log output
    - CVE-2013-0212
 -- Jamie Strandboge <email address hidden> Tue, 29 Jan 2013 09:13:09 -0600

CVE-2013-0212 Backend password leak in Glance error message



About   -   Changelog   -   Send Feedback