lp://staging/ubuntu/precise-updates/nova

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp://staging/ubuntu/precise-updates/nova

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

91. By Jamie Strandboge

* SECURITY UPDATE: denial of service with network security group policy
  updates
  - debian/patches/CVE-2013-4185.patch: use cached nwinfo for secgroup rules
    (LP: #1184041)
  - CVE-2013-4185

90. By Jamie Strandboge

* SECURITY UPDATE: verify virtual size of QCOW2 images
  - CVE-2013-2096.patch: update nova/virt/libvirt/connection.py to check
    QCOW2 image size during root disk creation
  - CVE-2013-2096

89. By Yolanda Robla

* Resynchronize with stable/essex (e52e6912) (LP: #1089488):
  - [48e81f1] VNC proxy can be made to connect to wrong VM LP: 1125378
  - [3bf5a58] snat rule too broad for some network configurations LP: 1048765
  - [efaacda] DOS by allocating all fixed ips LP: 1125468
  - [b683ced] Add nosehtmloutput as a test dependency.
  - [45274c8] Nova unit tests not running, but still passing for stable/essex
    LP: 1132835
  - [e02b459] vnc unit-test fixes
  - [87361d3] Jenkins jobs fail because of incompatibility between sqlalchemy-
    migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
  - [e98928c] VNC proxy can be made to connect to wrong VM LP: 1125378
  - [c0a10db] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
  - [243d516] No authentication on block device used for os-volume_boot
    LP: 1069904
  - [80fefe5] use_single_default_gateway does not function correctly
    (LP: #1075859)
  - [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
    attached (LP: #1079745)
  - [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
    slow (LP: #1062314)
  - [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
    fixed_ip (LP: #1017633)
  - [20f98c5] failed to allocate fixed ip because old deleted one exists
    (LP: #996482)
  - [75f6922] snapshot stays in saving state if the vm base image is deleted
    (LP: #921774)
  - [1076699] lock files may be removed in error due to permissions issues
    (LP: #1051924)
  - [40c5e94] ensure_default_security_group() does not call sgh (LP: #1050982)
  - [4eebe76] At termination, LXC rootfs is not always unmounted before
    rmtree() is called (LP: #1046313)
  - [47dabb3] Heavily loaded nova-compute instances don't send reports
    frequently enough (LP: #1045152)
  - [b375b4f] When attach volume lost attach when node restart (LP: #1004791)
  - [4ac2dcc] nova usage-list returns wrong usage (LP: #1043999)
  - [014fcbc] Bridge port's hairpin mode not set after resuming a machine
    (LP: #1040537)
  - [2f35f8e] Nova flavor ephemeral space size reported incorrectly
    (LP: #1026210)
* Dropped, superseded by new snapshot:
  - debian/patches/CVE-2013-0335.patch: [48e81f1]
  - debian/patches/CVE-2013-1838.patch: [efaacda]
  - debian/patches/CVE-2013-1664.patch: [c0a10db]
  - debian/patches/CVE-2013-0208.patch: [243d516]

88. By Jamie Strandboge

* SECURITY UPDATE: fix denial of service via fixed IPs when using extensions
  - debian/patches/CVE-2013-1838.patch: add explicit quota for fixed IP
  - CVE-2013-1838
  - LP: #1125468
* SECURITY UPDATE: fix VNC token validation
  - debian/patches/CVE-2013-0335*.patch: force console auth service to flush
    all tokens associated with an instance when it is deleted
  - CVE-2013-0335
  - LP: #1125378

87. By Jamie Strandboge

* SECURITY UPDATE: fix denial of service
  - CVE-2013-1664.patch: Add a new utils.safe_minidom_parse_string function
    and update external API facing Nova modules to use it
  - CVE-2013-1664

86. By Jamie Strandboge

* SECURITY UPDATE: fix lack of authentication on block device used for
  os-volume_boot
  - debian/patches/CVE-2013-0208.patch: adjust nova/compute/api.py to
    validate we can access the volumes
  - CVE-2013-0208

85. By Adam Gandelman

* New upstream snapshot, fixes FTBFS in -proposed. (LP: #1041120)
* Resynchronize with stable/essex (4d2a4afe):
  - [5d63601] Inappropriate exception handling on kvm live/block migration
    (LP: #917615)
  - [ae280ca] Deleted floating ips can cause instance delete to fail
    (LP: #1038266)

84. By Jamie Strandboge

* SECURITY UPDATE: Prohibit file injection writing to host filesystem
  - debian/patches/CVE-2012-3447.patch: update to perform the file name
    canonicalization as the root user
  - CVE-2012-3447

83. By Steve Beattie

* SECURITY UPDATE: scheduler affinity denial of service
  - debian/patches/CVE-2012-3371.patch: lookup instance ids only once
    instead of once for each scheduler hint instance id.

82. By Steve Beattie

* SECURITY UPDATE: arbitrary file injection/corruption
  - debian/patches/CVE-2012-3360+3361.patch: ensure that files cannot
    be injected in arbitrary locations
  - CVE-2012-3360
  - CVE-2012-3361

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp://staging/ubuntu/quantal/nova