All Ubuntu package versions


AllTrustySaucyRaringQuantalPreciseLucidAll PPAs
DashboardRecent Search QueriesSearch Statistics
Alphabetical listSearchBugs
CommentsResqueStathatMemoryTracker

Package "glance"

Name: glance

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • OpenStack Image Registry and Delivery Service - client

Latest version: 2012.2.4-0ubuntu1.1
Release: quantal (12.10)
Level: security
Repository: universe

Links

Save this URL for the latest version of "glance": http://www.ubuntuupdates.org/glance

All versions of this package Bug fixes
List of files in package Repository home page for package

Other versions of "glance" in Quantal

RepositoryAreaVersion
base universe 2012.2-0ubuntu2
base main 2012.2-0ubuntu2
security main 2012.2.4-0ubuntu1.1
updates universe 2012.2.4-0ubuntu1.1
updates main 2012.2.4-0ubuntu1.1

Packages in group

Deleted packages are displayed in grey.

glance-client

Change Log

Version: 2012.2.4-0ubuntu1.1 2013-10-23 20:06:54 UTC

  glance (2012.2.4-0ubuntu1.1) quantal-security; urgency=low

  * SECURITY UPDATE: enforce 'download_image' policy in cache middleware
    - debian/patches/CVE-2013-4428.patch: fix confusing behavior when using
      download_image. Ie, return 403 rather than empty content (LP: #1235378)
    - CVE-2013-4428
 -- Jamie Strandboge <email address hidden> Tue, 22 Oct 2013 13:42:27 -0500

Source diff to previous version
1235378 [OSSA 2013-027] 'image_download' role in v2 causes traceback
CVE-2013-4428 image_download policy not enforced for cached images

Version: 2012.2.1-0ubuntu1.2 2013-03-14 22:06:35 UTC

  glance (2012.2.1-0ubuntu1.2) quantal-security; urgency=low

  * SECURITY UPDATE: fix information disclosure via Glance v1 API
    - debian/patches/CVE-2013-1840.patch: adjust api/middleware/cache.py to
      not show image_meta['location']
    - CVE-2013-1840
 -- Jamie Strandboge <email address hidden> Wed, 13 Mar 2013 15:39:08 -0500

Source diff to previous version
CVE-2013-1840 Backend credentials leak in Glance v1 API

Version: 2012.2.1-0ubuntu1.1 2013-01-30 00:07:13 UTC

  glance (2012.2.1-0ubuntu1.1) quantal-security; urgency=low

  * SECURITY UPDATE: information disclosure via swift error messages
    - debian/patches/CVE-2013-0212.patch: adjust glance/store/swift.py to
      mot show URLs and credentials in error messages and log output
    - CVE-2013-0212
 -- Jamie Strandboge <email address hidden> Tue, 29 Jan 2013 09:13:09 -0600

Source diff to previous version
CVE-2013-0212 Backend password leak in Glance error message

Version: 2012.2-0ubuntu2.3 2012-11-09 22:06:51 UTC

  glance (2012.2-0ubuntu2.3) quantal-security; urgency=low

  * SECURITY UPDATE: deletion of arbitrary public and shared images via
    authenticated user
    - debian/patches/CVE-2012-4573b.patch: previous patch was incomplete.
      Make corresponding change to glance/api/v2/images.py
    - CVE-2012-4573
  * debian/control: add Build-Depends-Indep on python-chardet. This is needed
    by python-requests to do encoding detection which otherwise fails in the
    new tests introduced in CVE-2012-4573b.patch.
 -- Jamie Strandboge <email address hidden> Fri, 09 Nov 2012 06:53:44 -0600

Source diff to previous version

Version: 2012.2-0ubuntu2.2 2012-11-08 17:06:52 UTC

  glance (2012.2-0ubuntu2.2) quantal-security; urgency=low

  * SECURITY UPDATE: deletion of arbitrary public and shared images via
    authenticated user
    - debian/patches/CVE-2012-4573.patch: adjust glance/api/v1/images.py to
      ensure image is owned by user before delayed_deletion
    - CVE-2012-4573
  * debian/patches/fakeauth-not-always-admin.patch: add required testsuite
    patch in support of the testsuite changes in CVE-2012-4573.patch
 -- Jamie Strandboge <email address hidden> Thu, 08 Nov 2012 07:41:02 -0600




About   -   Changelog   -   Send Feedback