Package "glance"
Name: |
glance
|
Description: |
OpenStack Image Registry and Delivery Service - Daemons
|
Latest version: |
2012.1.3+stable-20130423-74b067df-0ubuntu1 |
Release: |
precise (12.04) |
Level: |
updates |
Repository: |
main |
Homepage: |
http://launchpad.net/glance |
Links
Download "glance"
Other versions of "glance" in Precise
Packages in group
Deleted packages are displayed in grey.
Changelog
glance (2012.1.3+stable-20130423-74b067df-0ubuntu1) precise-proposed; urgency=low
* Resynchronize with stable/essex (74b067df) (LP: #1089488):
- [74b067d] v1 api returns location as header for cached images LP: 1135541
- [37d4d96] glance image-download can display backend Swift password
LP: 1098962
- [efd7e75] Non-admin users can cause public glance images to be deleted
from the backend storage repository (LP: #1065187)
- [e6be061] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
* Dropped patches, superseeded by snapshot:
- debian/patches/CVE-2013-1840.patch [74b067d]
- debian/patches/CVE-2013-0212.patch [37d4d96]
- debian/patches/CVE-2012-4573.patch [efd7e75]
-- Yolanda <email address hidden> Wed, 24 Apr 2013 14:58:09 +0200
|
Source diff to previous version |
1089488 |
Meta bug for tracking Openstack Stable Updates |
1065187 |
Non-admin users can cause public glance images to be deleted from the backend storage repository |
CVE-2013-1840 |
Backend credentials leak in Glance v1 API |
CVE-2013-0212 |
Backend password leak in Glance error message |
CVE-2012-4573 |
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected image |
|
glance (2012.1.3+stable~20120821-120fcf-0ubuntu1.5) precise-security; urgency=low
* SECURITY UPDATE: fix information disclosure via Glance v1 API
- debian/patches/CVE-2013-1840.patch: adjust api/middleware/cache.py to
not show image_meta['location']
- CVE-2013-1840
- LP: #1135541
-- Jamie Strandboge <email address hidden> Thu, 14 Mar 2013 15:06:48 -0500
|
Source diff to previous version |
1135541 |
v1 api returns location as header for cached images |
CVE-2013-1840 |
Backend credentials leak in Glance v1 API |
|
glance (2012.1.3+stable~20120821-120fcf-0ubuntu1.3) precise-security; urgency=low
* SECURITY UPDATE: information disclosure via swift error messages
- debian/patches/CVE-2013-0212.patch: adjust glance/store/swift.py to
mot show URLs and credentials in error messages and log output
- CVE-2013-0212
-- Jamie Strandboge <email address hidden> Mon, 28 Jan 2013 13:51:45 -0600
|
Source diff to previous version |
|
glance (2012.1.3+stable~20120821-120fcf-0ubuntu1.2) precise-security; urgency=low
* SECURITY UPDATE: deletion of arbitrary public and shared images via
authenticated user
- debian/patches/CVE-2012-4573.patch: adjust glance/api/v1/images.py to
ensure image is owned by user before delayed_deletion
- CVE-2012-4573
-- Jamie Strandboge <email address hidden> Thu, 08 Nov 2012 07:19:39 -0600
|
Source diff to previous version |
glance (2012.1.3+stable~20120821-120fcf-0ubuntu1) precise-proposed; urgency=low
* New upstream snapshot. (LP: #1041120)
* Resynchronzie with stable/essex:
- Glance add uploads a double image if using ssl and images is smaller
than 4k. (LP: #1007093)
- If response.environ is None, instance fails to spawn.
(LP: #1010560)
- exception.BadStoreURL exposes sensitive information to end users.
(LP: #1012268)
- glance-cache.conf needs metadata encryption key (LP: #1012752)
- image.upload notification doesn't report size (LP: #1018246)
- Admins should be able to share image regardless of ownership.
(LP: #1021054)
- Glance scrubber date formatting fails with postgres (LP: #1022369)
- Support zero-size image creation. (LP: #1025353)
- Image id not contained in swift chunk debug message. (LP: #1028433)
- qpid_heartbeat setting is ineffective. (LP: #1032314)
- Image properties that reference image ids are not updated to UUIDs.
(LP: #975651)
- Migration 012_id_to_uuid attempts to convert IDs twice for non-sqlite
databases. (LP: #975655)
- multiprocess glance-api failed to exit when stopped by ctrl+c.
(LP: #978130)
- /usr/bin/glance's built-in pager breaks redirection.
(LP: #978610)
- Content-Length and Transfer-Encoding are mutually exclusive HTTP headers
(LP: #981332)
- glance add command - incorrect help text (LP: #997565)
* debian/patches/convert_properties_to_uuid.patch: Dropped no longer
needed.
* debian/patches/fix-pep8-ubuntu.patch: Dropped no longer needed.
-- Adam Gandelman <email address hidden> Fri, 24 Jun 2012 03:14:33 -0400
|
1041120 |
Meta bug for tracking Openstack Stable Updates |
1007093 |
glance add uploads a double image if using ssl and images is smaller the 4k |
1010560 |
response.environ is None; instance fails to spawn |
1012268 |
exception.BadStoreUri exposes sensitive information to end users |
1012752 |
glance-cache.conf needs metadata encryption key |
1018246 |
image.upload notification doesn't report size |
1021054 |
Admins should be able to share image regardless of ownership |
1022369 |
Glance scrubber date formatting fails w/ Postgres |
1025353 |
Support zero-size image creation |
1028433 |
Image id not contained in swift chunk debug message |
1032314 |
qpid_heartbeat setting in ineffective |
975651 |
Image properties that reference image ids are not u... |
975655 |
Migration 012_id_to_uuid attempts to convert IDs twice for non-sqlite databases |
978130 |
multiprocess glance-api failed to exit when stopped by ctrl+c |
978610 |
/usr/bin/glance's built-in pager breaks redirection |
981332 |
Content-Length and Transfer-Encoding are mutually e... |
997565 |
glance add command - incorrect help text |
|
About
-
Send Feedback to @ubuntu_updates