All Ubuntu package versions


AllTrustySaucyRaringQuantalPreciseLucidAll PPAs
DashboardRecent Search QueriesSearch Statistics
Alphabetical listSearchBugs
CommentsResqueStathatMemoryTracker

Package "glance"

Name: glance

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • OpenStack Image Registry and Delivery Service - client

Latest version: 2012.2.4-0ubuntu1.1
Release: quantal (12.10)
Level: updates
Repository: universe

Links

Save this URL for the latest version of "glance": http://www.ubuntuupdates.org/glance

All versions of this package Bug fixes
List of files in package Repository home page for package

Other versions of "glance" in Quantal

RepositoryAreaVersion
base universe 2012.2-0ubuntu2
base main 2012.2-0ubuntu2
security main 2012.2.4-0ubuntu1.1
security universe 2012.2.4-0ubuntu1.1
updates main 2012.2.4-0ubuntu1.1

Packages in group

Deleted packages are displayed in grey.

glance-client

Change Log

Version: 2012.2.4-0ubuntu1.1 2013-10-23 21:06:58 UTC

  glance (2012.2.4-0ubuntu1.1) quantal-security; urgency=low

  * SECURITY UPDATE: enforce 'download_image' policy in cache middleware
    - debian/patches/CVE-2013-4428.patch: fix confusing behavior when using
      download_image. Ie, return 403 rather than empty content (LP: #1235378)
    - CVE-2013-4428
 -- Jamie Strandboge <email address hidden> Tue, 22 Oct 2013 13:42:27 -0500

Source diff to previous version
1235378 [OSSA 2013-027] 'image_download' role in v2 causes traceback
CVE-2013-4428 image_download policy not enforced for cached images

Version: 2012.2.4-0ubuntu1 2013-06-06 05:07:39 UTC

  glance (2012.2.4-0ubuntu1) quantal-proposed; urgency=low

  [ Adam Gandelman ]
  * Dropped patches, applied upstream:
    - debian/patches/CVE-2013-1840.patch: [dd849a9]
  * Resynchronize with stable/folsom (dbd3d3d7) (LP: #1179707):
    - [cfaa2d8] repeated deletion on image member does not result in 404
      LP: 1157427
    - [5b4d21d] glance-cache-prefetcher explodes when no auth parameters were
      configured LP: 1157765
    - [dd849a9] v1 api returns location as header for cached images LP: 1135541
    - [04f88c8] 500 error returned when an Admin tries to delete membership of
      image from a non-existent /invalid tenant LP: 1060868
    - [5597697] Fragile Test:
      glance.tests.functional.test_bin_glance:TestBinGlance.test_update_copying_from
      LP: 1107768
    - [5183360] filesystem store does not clean up after premature termination
      of image upload LP: 1104924
    - [03dc862] mismatched image size or checksum leaves behind dangling image
      data LP: 1122299
    - [12d28c3] UserWarning on deprecation of legacy glance client inappropriate
      for internal usage LP: 1129445
    - [afe6166] 'glance-cache-manage list-cached' does not show 'last accessed'
      and 'last modified' fields in human-readable format' LP: 1102334
    - [ee13560] Fix broken JSON schemas in v2 tests

  [ Chuck Short ]
  * debian/patches/disable-swift-tests.patch: Refreshed.
 -- Adam Gandelman <email address hidden> Thu, 25 Apr 2013 17:39:57 -0400

Source diff to previous version
CVE-2013-1840 Backend credentials leak in Glance v1 API

Version: 2012.2.3-0ubuntu2 2013-04-25 21:06:41 UTC

  glance (2012.2.3-0ubuntu2) quantal-proposed; urgency=low

  * Resync with latest security update.
  * SECURITY UPDATE: fix information disclosure via Glance v1 API
    - debian/patches/CVE-2013-1840.patch: adjust api/middleware/cache.py to
      not show image_meta['location']
    - CVE-2013-1840
 -- James Page <email address hidden> Fri, 22 Mar 2013 11:48:52 +0000

Source diff to previous version
CVE-2013-1840 Backend credentials leak in Glance v1 API

Version: 2012.2.1-0ubuntu1.2 2013-03-14 23:06:35 UTC

  glance (2012.2.1-0ubuntu1.2) quantal-security; urgency=low

  * SECURITY UPDATE: fix information disclosure via Glance v1 API
    - debian/patches/CVE-2013-1840.patch: adjust api/middleware/cache.py to
      not show image_meta['location']
    - CVE-2013-1840
 -- Jamie Strandboge <email address hidden> Wed, 13 Mar 2013 15:39:08 -0500

Source diff to previous version
CVE-2013-1840 Backend credentials leak in Glance v1 API

Version: 2012.2.1-0ubuntu1.1 2013-01-30 00:07:10 UTC

  glance (2012.2.1-0ubuntu1.1) quantal-security; urgency=low

  * SECURITY UPDATE: information disclosure via swift error messages
    - debian/patches/CVE-2013-0212.patch: adjust glance/store/swift.py to
      mot show URLs and credentials in error messages and log output
    - CVE-2013-0212
 -- Jamie Strandboge <email address hidden> Tue, 29 Jan 2013 09:13:09 -0600

CVE-2013-0212 Backend password leak in Glance error message



About   -   Changelog   -   Send Feedback