All Ubuntu package versions


AllRaringQuantalPreciseOneiricNattyLucidHardyAll PPAs
DashboardRecent Search QueriesSearch Statistics
Alphabetical listSearchBugs
Comments

Package "glance"

Name: glance

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • OpenStack Image Registry and Delivery Service - client
Latest version: 2012.2.3-0ubuntu2
Release: quantal (12.10)
Level: updates
Repository: universe
Homepage: http://launchpad.net/glance

Links

Save this URL for the latest version of "glance": http://www.ubuntuupdates.org/glance

All versions of this package Bug fixes
List of files in package Repository home page for package

Other versions of "glance" in Quantal

RepositoryAreaVersion
base universe 2012.2-0ubuntu2
base main 2012.2-0ubuntu2
security main 2012.2.1-0ubuntu1.2
security universe 2012.2.1-0ubuntu1.2
updates main 2012.2.3-0ubuntu2
proposed main 2012.2.4-0ubuntu1
proposed universe 2012.2.4-0ubuntu1

Packages in group

Deleted packages are displayed in grey.

glance-client

Change Log

Version: 2012.2.3-0ubuntu2 2013-04-25 21:06:41 UTC

  glance (2012.2.3-0ubuntu2) quantal-proposed; urgency=low

  * Resync with latest security update.
  * SECURITY UPDATE: fix information disclosure via Glance v1 API
    - debian/patches/CVE-2013-1840.patch: adjust api/middleware/cache.py to
      not show image_meta['location']
    - CVE-2013-1840
 -- James Page <email address hidden> Fri, 22 Mar 2013 11:48:52 +0000
Source diff to previous version
CVE-2013-1840 Backend credentials leak in Glance v1 API

Version: 2012.2.1-0ubuntu1.2 2013-03-14 23:06:35 UTC

  glance (2012.2.1-0ubuntu1.2) quantal-security; urgency=low

  * SECURITY UPDATE: fix information disclosure via Glance v1 API
    - debian/patches/CVE-2013-1840.patch: adjust api/middleware/cache.py to
      not show image_meta['location']
    - CVE-2013-1840
 -- Jamie Strandboge <email address hidden> Wed, 13 Mar 2013 15:39:08 -0500
Source diff to previous version
CVE-2013-1840 Backend credentials leak in Glance v1 API

Version: 2012.2.1-0ubuntu1.1 2013-01-30 00:07:10 UTC

  glance (2012.2.1-0ubuntu1.1) quantal-security; urgency=low

  * SECURITY UPDATE: information disclosure via swift error messages
    - debian/patches/CVE-2013-0212.patch: adjust glance/store/swift.py to
      mot show URLs and credentials in error messages and log output
    - CVE-2013-0212
 -- Jamie Strandboge <email address hidden> Tue, 29 Jan 2013 09:13:09 -0600
Source diff to previous version
CVE-2013-0212 Backend password leak in Glance error message

Version: 2012.2.1-0ubuntu1 2013-01-29 14:06:41 UTC

  glance (2012.2.1-0ubuntu1) quantal-proposed; urgency=low

  * Dropped patches, applied upstream:
    - debian/patches/CVE-2012-4573.patch
    - debian/patches/CVE-2012-4573b.patch
  * Resynchronize with stable/folsom (199783ce) (LP: #1085255):
    - [49408e9] Glance image-delete HTTPInternalServerError HTTP 500
      (LP: #1075580)
    - [91aaa48] Image fails to upload to swift: TypeError: object of type
      'CooperativeReader' has no len( (LP: #1057322)
    - [a296a5b] Return 403 when admin deletes a deleted image (LP: #1060944)
    - [3e58a6a] Disallow updating deleted images. (LP: #1060930)
    - [26c8085] admins can see deleted images in v2 api (LP: #1071446)
    - [8321ca6] No exclude option to skip tests in run_tests.sh (LP: #1065758)
    - [c3bea11] Badly named stable/folsom Glance tarballs (LP: #1059634)
    - [fc0ee76] Non-admin users can cause public glance images to be deleted
      from the backend storage repository in the v2 api (LP: #1076506)
    - [90bcdc5] Non-admin users can cause public glance images to be deleted
      from the backend storage repository (LP: #1065187)
    - [7841cc9] FakeAuth not always admin
    - [ddad275] Jenkins jobs fail because of incompatibility between sqlalchemy-
      migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
    - [1d5c651] nosetest options cause no such option errors (LP: #1056420)
    - [ac223e2] Set defaultbranch in .gitreview to stable/folsom
 -- Adam Gandelman <email address hidden> Tue, 04 Dec 2012 09:19:35 -0800
Source diff to previous version
1075580 Glance image-delete HTTPInternalServerError HTTP 500
1057322 Image fails to upload to swift: TypeError: object of type 'CooperativeReader' has no len(
1060944 v1 API returns 200 OK when an admin deletes a deleted image
1060930 Admin can update metadata of a deleted image
1071446 admins can see deleted images in v2 api
1065758 No exclude option to skip tests in run_tests.sh
1059634 Badly named stable/folsom Glance tarballs
1076506 Non-admin users can cause public glance images to be deleted from the backend storage repository in the v2 api
1065187 Non-admin users can cause public glance images to be deleted from the backend storage repository
1056420 nosetest options cause no such option errors
CVE-2012-4573 The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected image

Version: 2012.2-0ubuntu2.3 2012-11-10 00:06:58 UTC

  glance (2012.2-0ubuntu2.3) quantal-security; urgency=low

  * SECURITY UPDATE: deletion of arbitrary public and shared images via
    authenticated user
    - debian/patches/CVE-2012-4573b.patch: previous patch was incomplete.
      Make corresponding change to glance/api/v2/images.py
    - CVE-2012-4573
  * debian/control: add Build-Depends-Indep on python-chardet. This is needed
    by python-requests to do encoding detection which otherwise fails in the
    new tests introduced in CVE-2012-4573b.patch.
 -- Jamie Strandboge <email address hidden> Fri, 09 Nov 2012 06:53:44 -0600


About   -   Changelog   -   Send Feedback
Site Meter