All Ubuntu package versions


AllRaringQuantalPreciseOneiricNattyLucidHardyAll PPAs
DashboardRecent Search QueriesSearch Statistics
Alphabetical listSearchBugs
Comments

Package "glance"

Name: glance

Description:

OpenStack Image Registry and Delivery Service - Daemons
Latest version: 2012.2.3-0ubuntu2
Release: quantal (12.10)
Level: updates
Repository: main
Homepage: http://launchpad.net/glance

Links

Save this URL for the latest version of "glance": http://www.ubuntuupdates.org/glance

All versions of this package Bug fixes
List of files in package Repository home page for package

Download "glance"

All arch deb package APT INSTALL

Other versions of "glance" in Quantal

RepositoryAreaVersion
base universe 2012.2-0ubuntu2
base main 2012.2-0ubuntu2
security main 2012.2.1-0ubuntu1.2
security universe 2012.2.1-0ubuntu1.2
updates universe 2012.2.3-0ubuntu2
proposed main 2012.2.4-0ubuntu1
proposed universe 2012.2.4-0ubuntu1

Packages in group

Deleted packages are displayed in grey.

glance-api glance-common glance-registry python-glance python-glance-doc

Change Log

Version: 2012.2.3-0ubuntu2 2013-04-25 21:06:44 UTC

  glance (2012.2.3-0ubuntu2) quantal-proposed; urgency=low

  * Resync with latest security update.
  * SECURITY UPDATE: fix information disclosure via Glance v1 API
    - debian/patches/CVE-2013-1840.patch: adjust api/middleware/cache.py to
      not show image_meta['location']
    - CVE-2013-1840
 -- James Page <email address hidden> Fri, 22 Mar 2013 11:48:52 +0000
Source diff to previous version
CVE-2013-1840 Backend credentials leak in Glance v1 API

Version: 2012.2.1-0ubuntu1.2 2013-03-14 23:06:34 UTC

  glance (2012.2.1-0ubuntu1.2) quantal-security; urgency=low

  * SECURITY UPDATE: fix information disclosure via Glance v1 API
    - debian/patches/CVE-2013-1840.patch: adjust api/middleware/cache.py to
      not show image_meta['location']
    - CVE-2013-1840
 -- Jamie Strandboge <email address hidden> Wed, 13 Mar 2013 15:39:08 -0500
Source diff to previous version
CVE-2013-1840 Backend credentials leak in Glance v1 API

Version: 2012.2.1-0ubuntu1.1 2013-01-30 00:07:09 UTC

  glance (2012.2.1-0ubuntu1.1) quantal-security; urgency=low

  * SECURITY UPDATE: information disclosure via swift error messages
    - debian/patches/CVE-2013-0212.patch: adjust glance/store/swift.py to
      mot show URLs and credentials in error messages and log output
    - CVE-2013-0212
 -- Jamie Strandboge <email address hidden> Tue, 29 Jan 2013 09:13:09 -0600
Source diff to previous version
CVE-2013-0212 Backend password leak in Glance error message

Version: 2012.2.1-0ubuntu1 2013-01-29 14:06:39 UTC

  glance (2012.2.1-0ubuntu1) quantal-proposed; urgency=low

  * Dropped patches, applied upstream:
    - debian/patches/CVE-2012-4573.patch
    - debian/patches/CVE-2012-4573b.patch
  * Resynchronize with stable/folsom (199783ce) (LP: #1085255):
    - [49408e9] Glance image-delete HTTPInternalServerError HTTP 500
      (LP: #1075580)
    - [91aaa48] Image fails to upload to swift: TypeError: object of type
      'CooperativeReader' has no len( (LP: #1057322)
    - [a296a5b] Return 403 when admin deletes a deleted image (LP: #1060944)
    - [3e58a6a] Disallow updating deleted images. (LP: #1060930)
    - [26c8085] admins can see deleted images in v2 api (LP: #1071446)
    - [8321ca6] No exclude option to skip tests in run_tests.sh (LP: #1065758)
    - [c3bea11] Badly named stable/folsom Glance tarballs (LP: #1059634)
    - [fc0ee76] Non-admin users can cause public glance images to be deleted
      from the backend storage repository in the v2 api (LP: #1076506)
    - [90bcdc5] Non-admin users can cause public glance images to be deleted
      from the backend storage repository (LP: #1065187)
    - [7841cc9] FakeAuth not always admin
    - [ddad275] Jenkins jobs fail because of incompatibility between sqlalchemy-
      migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
    - [1d5c651] nosetest options cause no such option errors (LP: #1056420)
    - [ac223e2] Set defaultbranch in .gitreview to stable/folsom
 -- Adam Gandelman <email address hidden> Tue, 04 Dec 2012 09:19:35 -0800
Source diff to previous version
1075580 Glance image-delete HTTPInternalServerError HTTP 500
1057322 Image fails to upload to swift: TypeError: object of type 'CooperativeReader' has no len(
1060944 v1 API returns 200 OK when an admin deletes a deleted image
1060930 Admin can update metadata of a deleted image
1071446 admins can see deleted images in v2 api
1065758 No exclude option to skip tests in run_tests.sh
1059634 Badly named stable/folsom Glance tarballs
1076506 Non-admin users can cause public glance images to be deleted from the backend storage repository in the v2 api
1065187 Non-admin users can cause public glance images to be deleted from the backend storage repository
1056420 nosetest options cause no such option errors
CVE-2012-4573 The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected image

Version: 2012.2-0ubuntu2.3 2012-11-10 00:06:53 UTC

  glance (2012.2-0ubuntu2.3) quantal-security; urgency=low

  * SECURITY UPDATE: deletion of arbitrary public and shared images via
    authenticated user
    - debian/patches/CVE-2012-4573b.patch: previous patch was incomplete.
      Make corresponding change to glance/api/v2/images.py
    - CVE-2012-4573
  * debian/control: add Build-Depends-Indep on python-chardet. This is needed
    by python-requests to do encoding detection which otherwise fails in the
    new tests introduced in CVE-2012-4573b.patch.
 -- Jamie Strandboge <email address hidden> Fri, 09 Nov 2012 06:53:44 -0600


About   -   Changelog   -   Send Feedback
Site Meter