lp://staging/ubuntu/precise-security/nova
- Get this branch:
- bzr branch lp://staging/ubuntu/precise-security/nova
Recent revisions
- 88. By Jamie Strandboge
  * SECURITY UPDATE: denial of service with network security group policy
    updates
    - debian/patches/CVE-2013-4185.patch: use cached nwinfo for secgroup rules
      (LP: #1184041)
    - CVE-2013-4185
- 87. By Jamie Strandboge
  * SECURITY UPDATE: verify virtual size of QCOW2 images
    - CVE-2013-2096.patch: update nova/virt/libvirt/connection.py to check
      QCOW2 image size during root disk creation
    - CVE-2013-2096
- 86. By Jamie Strandboge
  * SECURITY UPDATE: fix denial of service via fixed IPs when using extensions
    - debian/patches/CVE-2013-1838.patch: add explicit quota for fixed IP
    - CVE-2013-1838
    - LP: #1125468
  * SECURITY UPDATE: fix VNC token validation
    - debian/patches/CVE-2013-0335*.patch: force console auth service to flush
      all tokens associated with an instance when it is deleted
    - CVE-2013-0335
    - LP: #1125378
- 85. By Jamie Strandboge
  * SECURITY UPDATE: fix denial of service
    - CVE-2013-1664.patch: Add a new utils.safe_minidom_parse_string function
      and update external API facing Nova modules to use it
    - CVE-2013-1664
- 84. By Jamie Strandboge
  * SECURITY UPDATE: fix lack of authentication on block device used for
    os-volume_boot
    - debian/patches/CVE-2013-0208.patch: adjust nova/compute/api.py to
      validate we can access the volumes
    - CVE-2013-0208
- 83. By Jamie Strandboge
  * SECURITY UPDATE: Prohibit file injection writing to host filesystem
    - debian/patches/CVE-2012-3447.patch: update to perform the file name
      canonicalization as the root user
    - CVE-2012-3447
- 82. By Steve Beattie
  * SECURITY UPDATE: scheduler affinity denial of service
    - debian/patches/CVE-2012-3371.patch: lookup instance ids only once
      instead of once for each scheduler hint instance id.
- 81. By Steve Beattie
  * SECURITY UPDATE: arbitrary file injection/corruption
    - debian/patches/CVE-2012-3360+3361.patch: ensure that files cannot
      be injected in arbitrary locations
    - CVE-2012-3360
    - CVE-2012-3361
- 80. By Steve Beattie
  * REGRESSION FIX: security group without protocol set failure (LP: #1010514)
    - debian/patches/CVE-2012-2654-regression.patch: only call .lower()
      when a protocol has been set.
- 79. By Steve Beattie
  * SECURITY UPDATE: set security groups correctly if IP protocol is
    specified in upper/mixed case
    - debian/patches/CVE-2012-2654.patch: ensure protocols are in
      lowercase for the controllers
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/quantal/nova