Ubuntu
glance package

lp://staging/ubuntu/quantal-security/glance

  1. Quantal (12.10)
  2. quantal-security
Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp://staging/ubuntu/quantal-security/glance
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

66. By Jamie Strandboge

* SECURITY UPDATE: enforce 'download_image' policy in cache middleware
  - debian/patches/CVE-2013-4428.patch: fix confusing behavior when using
    download_image. Ie, return 403 rather than empty content (LP: #1235378)
  - CVE-2013-4428

65. By Jamie Strandboge

* SECURITY UPDATE: fix information disclosure via Glance v1 API
  - debian/patches/CVE-2013-1840.patch: adjust api/middleware/cache.py to
    not show image_meta['location']
  - CVE-2013-1840

64. By Jamie Strandboge

* SECURITY UPDATE: information disclosure via swift error messages
  - debian/patches/CVE-2013-0212.patch: adjust glance/store/swift.py to
    mot show URLs and credentials in error messages and log output
  - CVE-2013-0212

63. By Jamie Strandboge

* SECURITY UPDATE: deletion of arbitrary public and shared images via
  authenticated user
  - debian/patches/CVE-2012-4573b.patch: previous patch was incomplete.
    Make corresponding change to glance/api/v2/images.py
  - CVE-2012-4573
* debian/control: add Build-Depends-Indep on python-chardet. This is needed
  by python-requests to do encoding detection which otherwise fails in the
  new tests introduced in CVE-2012-4573b.patch.

62. By Jamie Strandboge

* SECURITY UPDATE: deletion of arbitrary public and shared images via
  authenticated user
  - debian/patches/CVE-2012-4573.patch: adjust glance/api/v1/images.py to
    ensure image is owned by user before delayed_deletion
  - CVE-2012-4573
* debian/patches/fakeauth-not-always-admin.patch: add required testsuite
  patch in support of the testsuite changes in CVE-2012-4573.patch

61. By James Page

* Glance should suggest python-ceph, not ceph-common (LP: #1065903):
  - debian/control: glance Suggests: ceph-common -> python-ceph.

60. By Chuck Short

* debian/control: Clean-up python depends. Thanks to Sam Morrison.
  (LP: #1053790)
* New upstream release.

59. By Chuck Short

New usptream release.

58. By Chuck Short

* debian/control: Suggest ceph-common.
* debian/control: Add python-glanceclient as a build depends.
* New upstream release.
* debian/patches/disable-swift-tests.patch: Refreshed.

57. By Chuck Short

* New upstrem release.
* debian/glance.logrotate: compress right logfiles when rotating them.
  (LP: #1049314)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp://staging/ubuntu/raring/glance
This branch contains Public information 
Everyone can see this information.

Subscribers