UbuntuUpdates.org

Package "glance"

Name: glance

Description:

OpenStack Image Registry and Delivery Service - Daemons
Latest version: 2012.1.3+stable~20120821-120fcf-0ubuntu1.5
Release: precise (12.04)
Level: security
Repository: main
Homepage: http://launchpad.net/glance

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "glance"

All arch deb package
APT INSTALL

Other versions of "glance" in Precise

Repository Area Version
base main 2012.1-0ubuntu2
updates main 2012.1.3+stable-20130423-74b067df-0ubuntu1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2012.1.3+stable~20120821-120fcf-0ubuntu1.5 2013-03-14 22:06:36 UTC

  glance (2012.1.3+stable~20120821-120fcf-0ubuntu1.5) precise-security; urgency=low

  * SECURITY UPDATE: fix information disclosure via Glance v1 API
    - debian/patches/CVE-2013-1840.patch: adjust api/middleware/cache.py to
      not show image_meta['location']
    - CVE-2013-1840
    - LP: #1135541
 -- Jamie Strandboge <email address hidden> Thu, 14 Mar 2013 15:06:48 -0500
Source diff to previous version
1135541 v1 api returns location as header for cached images
CVE-2013-1840 Backend credentials leak in Glance v1 API

Version: 2012.1.3+stable~20120821-120fcf-0ubuntu1.3 2013-01-30 00:07:17 UTC

  glance (2012.1.3+stable~20120821-120fcf-0ubuntu1.3) precise-security; urgency=low

  * SECURITY UPDATE: information disclosure via swift error messages
    - debian/patches/CVE-2013-0212.patch: adjust glance/store/swift.py to
      mot show URLs and credentials in error messages and log output
    - CVE-2013-0212
 -- Jamie Strandboge <email address hidden> Mon, 28 Jan 2013 13:51:45 -0600
Source diff to previous version
CVE-2013-0212 Backend password leak in Glance error message

Version: 2012.1.3+stable~20120821-120fcf-0ubuntu1.2 2012-11-08 17:06:53 UTC

  glance (2012.1.3+stable~20120821-120fcf-0ubuntu1.2) precise-security; urgency=low

  * SECURITY UPDATE: deletion of arbitrary public and shared images via
    authenticated user
    - debian/patches/CVE-2012-4573.patch: adjust glance/api/v1/images.py to
      ensure image is owned by user before delayed_deletion
    - CVE-2012-4573
 -- Jamie Strandboge <email address hidden> Thu, 08 Nov 2012 07:19:39 -0600


About   -   Send Feedback to @ubuntu_updates