2012-12-12 17:01:26 |
Yolanda Robla |
bug |
|
|
added bug |
2012-12-12 17:01:54 |
Yolanda Robla |
nova: status |
New |
Confirmed |
|
2012-12-12 17:02:22 |
Yolanda Robla |
affects |
nova |
nova (Ubuntu) |
|
2012-12-12 17:02:50 |
Yolanda Robla |
nominated for series |
|
Ubuntu Precise |
|
2012-12-12 17:03:01 |
Yolanda Robla |
bug |
|
|
added subscriber Adam Gandelman |
2012-12-12 17:03:08 |
Yolanda Robla |
bug |
|
|
added subscriber Chuck Short |
2012-12-12 17:03:19 |
Yolanda Robla |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2012-12-12 17:15:21 |
Yolanda Robla |
bug task added |
|
horizon |
|
2012-12-12 17:15:36 |
Yolanda Robla |
horizon: status |
New |
Confirmed |
|
2012-12-12 17:16:12 |
Yolanda Robla |
summary |
[SRU] Meta bug for tracking Nova stable-essex updates |
Meta bug for tracking OpenStack Stable Updates
|
2012-12-12 17:17:05 |
Yolanda Robla |
bug task deleted |
horizon |
|
|
2012-12-12 17:17:43 |
Yolanda Robla |
bug task added |
|
horizon (Ubuntu) |
|
2012-12-12 17:17:53 |
Yolanda Robla |
horizon (Ubuntu): status |
New |
Confirmed |
|
2012-12-12 17:20:06 |
Yolanda Robla |
description |
This is a meta-bug used for tracking progress of new updates to Essex to
Nova project.
nova (2012.1.4+stable-20121212-bd102419-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-3447.patch: update to perform the file name
canonicalization as the root user
- debian/patches/CVE-2012-3371.patch: lookup instance ids only once
instead of once for each scheduler hint instance id.
- debian/patches/CVE-2012-3360+3361.patch: ensure that files cannot
be injected in arbitrary locations
* Resynchronize with stable/essex (bd102419):
- [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
attached
- [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
slow
- [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
fixed_ip
- [20f98c5] failed to allocate fixed ip because old deleted one exists
- [75f6922] snapshot stays in saving state if the vm base image is deleted
- [1076699] lock files may be removed in error dues to permissions issues
- [40c5e94] ensure_default_security_group() does not call sgh
- [4eebe76] At termination, LXC rootfs is not always unmounted before
rmtree() is called
- [47dabb3] Heavily loaded nova-compute instances don't sent reports
frequently enough
- [b375b4f] When attach volume lost attach when node restart
- [4ac2dcc] nova usage-list returns wrong usage
- [014fcbc] Bridge port's hairpin mode not set after resuming a machine
- [2f35f8e] Nova flavor ephemeral space size reported incorrectly
-- Yolanda Robla <yolanda.robla@canonical.com> Wed, 12 Dec 2012 10:26:00 +0100 |
This is a meta-bug used for tracking progress of new updates to Nova, Horizon, Keystone, and Glance.
nova (2012.1.4+stable-20121212-bd102419-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-3447.patch: update to perform the file name
canonicalization as the root user
- debian/patches/CVE-2012-3371.patch: lookup instance ids only once
instead of once for each scheduler hint instance id.
- debian/patches/CVE-2012-3360+3361.patch: ensure that files cannot
be injected in arbitrary locations
* Resynchronize with stable/essex (bd102419):
- [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
attached
- [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
slow
- [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
fixed_ip
- [20f98c5] failed to allocate fixed ip because old deleted one exists
- [75f6922] snapshot stays in saving state if the vm base image is deleted
- [1076699] lock files may be removed in error dues to permissions issues
- [40c5e94] ensure_default_security_group() does not call sgh
- [4eebe76] At termination, LXC rootfs is not always unmounted before
rmtree() is called
- [47dabb3] Heavily loaded nova-compute instances don't sent reports
frequently enough
- [b375b4f] When attach volume lost attach when node restart
- [4ac2dcc] nova usage-list returns wrong usage
- [014fcbc] Bridge port's hairpin mode not set after resuming a machine
- [2f35f8e] Nova flavor ephemeral space size reported incorrectly
-- Yolanda Robla <yolanda.robla@canonical.com> Wed, 12 Dec 2012 10:26:00 +0100
horizon (2012.1.4+stable-20121212-5ce39422-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-3540.patch: disallow redirects to anywhere
other than the same origin
* Resynchronize with stable/essex (5ce39422) LP: #1089466:
- [7e651d7] stable/essex horizon installs unusable version of glance
- [35eada8] open redirect / phishing attack via "next" parameter
- [8889311] TypeError when trying to delete an unnamed volume via dashboard
- [f862d9e] Wrong 'Download CSV Summary' link
-- Yolanda Robla <yolanda.robla@canonical.com> Wed, 12 Dec 2012 14:25:33 +0100 |
|
2012-12-12 17:23:08 |
Yolanda Robla |
bug task added |
|
glance (Ubuntu) |
|
2012-12-12 17:23:17 |
Yolanda Robla |
glance (Ubuntu): status |
New |
Confirmed |
|
2012-12-12 17:23:38 |
Yolanda Robla |
description |
This is a meta-bug used for tracking progress of new updates to Nova, Horizon, Keystone, and Glance.
nova (2012.1.4+stable-20121212-bd102419-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-3447.patch: update to perform the file name
canonicalization as the root user
- debian/patches/CVE-2012-3371.patch: lookup instance ids only once
instead of once for each scheduler hint instance id.
- debian/patches/CVE-2012-3360+3361.patch: ensure that files cannot
be injected in arbitrary locations
* Resynchronize with stable/essex (bd102419):
- [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
attached
- [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
slow
- [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
fixed_ip
- [20f98c5] failed to allocate fixed ip because old deleted one exists
- [75f6922] snapshot stays in saving state if the vm base image is deleted
- [1076699] lock files may be removed in error dues to permissions issues
- [40c5e94] ensure_default_security_group() does not call sgh
- [4eebe76] At termination, LXC rootfs is not always unmounted before
rmtree() is called
- [47dabb3] Heavily loaded nova-compute instances don't sent reports
frequently enough
- [b375b4f] When attach volume lost attach when node restart
- [4ac2dcc] nova usage-list returns wrong usage
- [014fcbc] Bridge port's hairpin mode not set after resuming a machine
- [2f35f8e] Nova flavor ephemeral space size reported incorrectly
-- Yolanda Robla <yolanda.robla@canonical.com> Wed, 12 Dec 2012 10:26:00 +0100
horizon (2012.1.4+stable-20121212-5ce39422-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-3540.patch: disallow redirects to anywhere
other than the same origin
* Resynchronize with stable/essex (5ce39422) LP: #1089466:
- [7e651d7] stable/essex horizon installs unusable version of glance
- [35eada8] open redirect / phishing attack via "next" parameter
- [8889311] TypeError when trying to delete an unnamed volume via dashboard
- [f862d9e] Wrong 'Download CSV Summary' link
-- Yolanda Robla <yolanda.robla@canonical.com> Wed, 12 Dec 2012 14:25:33 +0100 |
This is a meta-bug used for tracking progress of new updates to Nova, Horizon, Keystone, and Glance.
nova (2012.1.4+stable-20121212-bd102419-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-3447.patch: update to perform the file name
canonicalization as the root user
- debian/patches/CVE-2012-3371.patch: lookup instance ids only once
instead of once for each scheduler hint instance id.
- debian/patches/CVE-2012-3360+3361.patch: ensure that files cannot
be injected in arbitrary locations
* Resynchronize with stable/essex (bd102419):
- [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
attached
- [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
slow
- [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
fixed_ip
- [20f98c5] failed to allocate fixed ip because old deleted one exists
- [75f6922] snapshot stays in saving state if the vm base image is deleted
- [1076699] lock files may be removed in error dues to permissions issues
- [40c5e94] ensure_default_security_group() does not call sgh
- [4eebe76] At termination, LXC rootfs is not always unmounted before
rmtree() is called
- [47dabb3] Heavily loaded nova-compute instances don't sent reports
frequently enough
- [b375b4f] When attach volume lost attach when node restart
- [4ac2dcc] nova usage-list returns wrong usage
- [014fcbc] Bridge port's hairpin mode not set after resuming a machine
- [2f35f8e] Nova flavor ephemeral space size reported incorrectly
-- Yolanda Robla <yolanda.robla@canonical.com> Wed, 12 Dec 2012 10:26:00 +0100
horizon (2012.1.4+stable-20121212-5ce39422-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-3540.patch: disallow redirects to anywhere
other than the same origin
* Resynchronize with stable/essex (5ce39422) LP: #1089466:
- [7e651d7] stable/essex horizon installs unusable version of glance
- [35eada8] open redirect / phishing attack via "next" parameter
- [8889311] TypeError when trying to delete an unnamed volume via dashboard
- [f862d9e] Wrong 'Download CSV Summary' link
-- Yolanda Robla <yolanda.robla@canonical.com> Wed, 12 Dec 2012 14:25:33 +0100
glance (2012.1.3+stable-20121211-efd7e75b-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-4573.patch: adjust glance/api/v1/images.py to
ensure image is owned by user before delayed_deletion
* Resynchronize with stable/essex (efd7e75b):
- [efd7e75] Non-admin users can cause public glance images to be deleted
from the backend storage repository
- [e6be061] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1
* debian/rules: skipping pep8 tests to allow building
-- Yolanda Robla <yolanda.robla@canonical.com> Tue, 11 Dec 2012 20:31:00 +0100 |
|
2012-12-12 17:25:56 |
Yolanda Robla |
bug task added |
|
keystone (Ubuntu) |
|
2012-12-12 17:26:05 |
Yolanda Robla |
keystone (Ubuntu): status |
New |
Confirmed |
|
2012-12-12 17:28:12 |
Yolanda Robla |
description |
This is a meta-bug used for tracking progress of new updates to Nova, Horizon, Keystone, and Glance.
nova (2012.1.4+stable-20121212-bd102419-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-3447.patch: update to perform the file name
canonicalization as the root user
- debian/patches/CVE-2012-3371.patch: lookup instance ids only once
instead of once for each scheduler hint instance id.
- debian/patches/CVE-2012-3360+3361.patch: ensure that files cannot
be injected in arbitrary locations
* Resynchronize with stable/essex (bd102419):
- [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
attached
- [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
slow
- [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
fixed_ip
- [20f98c5] failed to allocate fixed ip because old deleted one exists
- [75f6922] snapshot stays in saving state if the vm base image is deleted
- [1076699] lock files may be removed in error dues to permissions issues
- [40c5e94] ensure_default_security_group() does not call sgh
- [4eebe76] At termination, LXC rootfs is not always unmounted before
rmtree() is called
- [47dabb3] Heavily loaded nova-compute instances don't sent reports
frequently enough
- [b375b4f] When attach volume lost attach when node restart
- [4ac2dcc] nova usage-list returns wrong usage
- [014fcbc] Bridge port's hairpin mode not set after resuming a machine
- [2f35f8e] Nova flavor ephemeral space size reported incorrectly
-- Yolanda Robla <yolanda.robla@canonical.com> Wed, 12 Dec 2012 10:26:00 +0100
horizon (2012.1.4+stable-20121212-5ce39422-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-3540.patch: disallow redirects to anywhere
other than the same origin
* Resynchronize with stable/essex (5ce39422) LP: #1089466:
- [7e651d7] stable/essex horizon installs unusable version of glance
- [35eada8] open redirect / phishing attack via "next" parameter
- [8889311] TypeError when trying to delete an unnamed volume via dashboard
- [f862d9e] Wrong 'Download CSV Summary' link
-- Yolanda Robla <yolanda.robla@canonical.com> Wed, 12 Dec 2012 14:25:33 +0100
glance (2012.1.3+stable-20121211-efd7e75b-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-4573.patch: adjust glance/api/v1/images.py to
ensure image is owned by user before delayed_deletion
* Resynchronize with stable/essex (efd7e75b):
- [efd7e75] Non-admin users can cause public glance images to be deleted
from the backend storage repository
- [e6be061] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1
* debian/rules: skipping pep8 tests to allow building
-- Yolanda Robla <yolanda.robla@canonical.com> Tue, 11 Dec 2012 20:31:00 +0100 |
This is a meta-bug used for tracking progress of new updates to Nova, Horizon, Keystone, and Glance.
nova (2012.1.4+stable-20121212-bd102419-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-3447.patch: update to perform the file name
canonicalization as the root user
- debian/patches/CVE-2012-3371.patch: lookup instance ids only once
instead of once for each scheduler hint instance id.
- debian/patches/CVE-2012-3360+3361.patch: ensure that files cannot
be injected in arbitrary locations
* Resynchronize with stable/essex (bd102419):
- [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
attached
- [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
slow
- [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
fixed_ip
- [20f98c5] failed to allocate fixed ip because old deleted one exists
- [75f6922] snapshot stays in saving state if the vm base image is deleted
- [1076699] lock files may be removed in error dues to permissions issues
- [40c5e94] ensure_default_security_group() does not call sgh
- [4eebe76] At termination, LXC rootfs is not always unmounted before
rmtree() is called
- [47dabb3] Heavily loaded nova-compute instances don't sent reports
frequently enough
- [b375b4f] When attach volume lost attach when node restart
- [4ac2dcc] nova usage-list returns wrong usage
- [014fcbc] Bridge port's hairpin mode not set after resuming a machine
- [2f35f8e] Nova flavor ephemeral space size reported incorrectly
-- Yolanda Robla <yolanda.robla@canonical.com> Wed, 12 Dec 2012 10:26:00 +0100
horizon (2012.1.4+stable-20121212-5ce39422-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-3540.patch: disallow redirects to anywhere
other than the same origin
* Resynchronize with stable/essex (5ce39422) LP: #1089466:
- [7e651d7] stable/essex horizon installs unusable version of glance
- [35eada8] open redirect / phishing attack via "next" parameter
- [8889311] TypeError when trying to delete an unnamed volume via dashboard
- [f862d9e] Wrong 'Download CSV Summary' link
-- Yolanda Robla <yolanda.robla@canonical.com> Wed, 12 Dec 2012 14:25:33 +0100
glance (2012.1.3+stable-20121211-efd7e75b-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-4573.patch: adjust glance/api/v1/images.py to
ensure image is owned by user before delayed_deletion
* Resynchronize with stable/essex (efd7e75b):
- [efd7e75] Non-admin users can cause public glance images to be deleted
from the backend storage repository
- [e6be061] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1
* debian/rules: skipping pep8 tests to allow building
-- Yolanda Robla <yolanda.robla@canonical.com> Tue, 11 Dec 2012 20:31:00 +0100
keystone (2012.1+stable-20121211-c17a9992-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-5571.patch: adjust contrib/ec2/core.py to verify
that the user is in at least one valid role for the tenant
- debian/patches/keystone-CVE-2012-4413.patch: invalidate all user
tokens upon role grant/revoke
- debian/patches/keystone-CVE-2012-3542: require authz to update a
user's tenant.
* Resynchronize with stable/essex (c17a9992) LP: #1089488:
- [8735009] Removing user from a tenant isn't invalidating user access to
tenant
- [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1
- [ddb4019] Open 2012.1.4 development
- [0e1f05e] memcache driver needs protection against unicode user keys
- [176ee9b] Token invalidation in case of role grant/revoke should be
limited to affected tenant
- [58ac669] Token validation includes revoked roles (CVE-2012-4413)
- [cd1e48a] Memcached Token Backend does not support list tokens
- [5438d3b] Update user's default tenant partially succeeds without authz
-- Yolanda <yolanda.robla@canonical.com> Tue, 11 Dec 2012 12:22:03 +0100 |
|
2012-12-12 17:34:03 |
Adam Gandelman |
bug task added |
|
nova (Ubuntu Precise) |
|
2012-12-12 17:34:03 |
Adam Gandelman |
bug task added |
|
glance (Ubuntu Precise) |
|
2012-12-12 17:34:03 |
Adam Gandelman |
bug task added |
|
keystone (Ubuntu Precise) |
|
2012-12-12 17:34:03 |
Adam Gandelman |
bug task added |
|
horizon (Ubuntu Precise) |
|
2012-12-12 17:34:12 |
Adam Gandelman |
glance (Ubuntu): status |
Confirmed |
Invalid |
|
2012-12-12 17:34:18 |
Adam Gandelman |
glance (Ubuntu Precise): status |
New |
Confirmed |
|
2012-12-12 17:34:24 |
Adam Gandelman |
horizon (Ubuntu): status |
Confirmed |
Invalid |
|
2012-12-12 17:34:34 |
Adam Gandelman |
horizon (Ubuntu Precise): status |
New |
Confirmed |
|
2012-12-12 17:34:39 |
Adam Gandelman |
keystone (Ubuntu): status |
Confirmed |
Invalid |
|
2012-12-12 17:34:44 |
Adam Gandelman |
keystone (Ubuntu Precise): status |
New |
Confirmed |
|
2012-12-12 17:34:53 |
Adam Gandelman |
nova (Ubuntu): status |
Confirmed |
Invalid |
|
2012-12-12 17:34:57 |
Adam Gandelman |
nova (Ubuntu Precise): status |
New |
Confirmed |
|
2012-12-13 09:27:32 |
Yolanda Robla |
description |
This is a meta-bug used for tracking progress of new updates to Nova, Horizon, Keystone, and Glance.
nova (2012.1.4+stable-20121212-bd102419-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-3447.patch: update to perform the file name
canonicalization as the root user
- debian/patches/CVE-2012-3371.patch: lookup instance ids only once
instead of once for each scheduler hint instance id.
- debian/patches/CVE-2012-3360+3361.patch: ensure that files cannot
be injected in arbitrary locations
* Resynchronize with stable/essex (bd102419):
- [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
attached
- [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
slow
- [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
fixed_ip
- [20f98c5] failed to allocate fixed ip because old deleted one exists
- [75f6922] snapshot stays in saving state if the vm base image is deleted
- [1076699] lock files may be removed in error dues to permissions issues
- [40c5e94] ensure_default_security_group() does not call sgh
- [4eebe76] At termination, LXC rootfs is not always unmounted before
rmtree() is called
- [47dabb3] Heavily loaded nova-compute instances don't sent reports
frequently enough
- [b375b4f] When attach volume lost attach when node restart
- [4ac2dcc] nova usage-list returns wrong usage
- [014fcbc] Bridge port's hairpin mode not set after resuming a machine
- [2f35f8e] Nova flavor ephemeral space size reported incorrectly
-- Yolanda Robla <yolanda.robla@canonical.com> Wed, 12 Dec 2012 10:26:00 +0100
horizon (2012.1.4+stable-20121212-5ce39422-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-3540.patch: disallow redirects to anywhere
other than the same origin
* Resynchronize with stable/essex (5ce39422) LP: #1089466:
- [7e651d7] stable/essex horizon installs unusable version of glance
- [35eada8] open redirect / phishing attack via "next" parameter
- [8889311] TypeError when trying to delete an unnamed volume via dashboard
- [f862d9e] Wrong 'Download CSV Summary' link
-- Yolanda Robla <yolanda.robla@canonical.com> Wed, 12 Dec 2012 14:25:33 +0100
glance (2012.1.3+stable-20121211-efd7e75b-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-4573.patch: adjust glance/api/v1/images.py to
ensure image is owned by user before delayed_deletion
* Resynchronize with stable/essex (efd7e75b):
- [efd7e75] Non-admin users can cause public glance images to be deleted
from the backend storage repository
- [e6be061] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1
* debian/rules: skipping pep8 tests to allow building
-- Yolanda Robla <yolanda.robla@canonical.com> Tue, 11 Dec 2012 20:31:00 +0100
keystone (2012.1+stable-20121211-c17a9992-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-5571.patch: adjust contrib/ec2/core.py to verify
that the user is in at least one valid role for the tenant
- debian/patches/keystone-CVE-2012-4413.patch: invalidate all user
tokens upon role grant/revoke
- debian/patches/keystone-CVE-2012-3542: require authz to update a
user's tenant.
* Resynchronize with stable/essex (c17a9992) LP: #1089488:
- [8735009] Removing user from a tenant isn't invalidating user access to
tenant
- [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1
- [ddb4019] Open 2012.1.4 development
- [0e1f05e] memcache driver needs protection against unicode user keys
- [176ee9b] Token invalidation in case of role grant/revoke should be
limited to affected tenant
- [58ac669] Token validation includes revoked roles (CVE-2012-4413)
- [cd1e48a] Memcached Token Backend does not support list tokens
- [5438d3b] Update user's default tenant partially succeeds without authz
-- Yolanda <yolanda.robla@canonical.com> Tue, 11 Dec 2012 12:22:03 +0100 |
This is a meta-bug used for tracking progress of new updates to Nova, Horizon, Keystone, and Glance.
nova (2012.1.4+stable-20121212-bd102419-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-3447.patch: update to perform the file name
canonicalization as the root user
- debian/patches/CVE-2012-3371.patch: lookup instance ids only once
instead of once for each scheduler hint instance id.
- debian/patches/CVE-2012-3360+3361.patch: ensure that files cannot
be injected in arbitrary locations
* Resynchronize with stable/essex (bd102419):
- [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
attached (LP: #1079745)
- [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
slow (LP: #1062314)
- [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
fixed_ip (LP: #1017633)
- [20f98c5] failed to allocate fixed ip because old deleted one exists (LP: #996482)
- [75f6922] snapshot stays in saving state if the vm base image is deleted
(LP: #921774)
- [1076699] lock files may be removed in error dues to permissions issues
(LP: #1051924)
- [40c5e94] ensure_default_security_group() does not call sgh (LP: #1050982)
- [4eebe76] At termination, LXC rootfs is not always unmounted before
rmtree() is called (LP: #1046313)
- [47dabb3] Heavily loaded nova-compute instances don't sent reports
frequently enough (LP: #1045152)
- [b375b4f] When attach volume lost attach when node restart (LP: #1004791)
- [4ac2dcc] nova usage-list returns wrong usage (LP: #1043999)
- [014fcbc] Bridge port's hairpin mode not set after resuming a machine (LP: #1040537)
- [2f35f8e] Nova flavor ephemeral space size reported incorrectly (LP: #1026210)
-- Yolanda Robla <yolanda.robla@canonical.com> Wed, 12 Dec 2012 10:26:00 +0100
horizon (2012.1.4+stable-20121212-5ce39422-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-3540.patch: disallow redirects to anywhere
other than the same origin
* Resynchronize with stable/essex (5ce39422) LP: #1089466:
- [7e651d7] stable/essex horizon installs unusable version of glance (LP: #1057125)
- [35eada8] open redirect / phishing attack via "next" parameter (LP: #1039077)
- [8889311] TypeError when trying to delete an unnamed volume via dashboard
(LP: #1031291)
- [f862d9e] Wrong 'Download CSV Summary' link (LP: #1020555)
-- Yolanda Robla <yolanda.robla@canonical.com> Wed, 12 Dec 2012 14:25:33 +0100
glance (2012.1.3+stable-20121211-efd7e75b-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-4573.patch: adjust glance/api/v1/images.py to
ensure image is owned by user before delayed_deletion
* Resynchronize with stable/essex (efd7e75b):
- [efd7e75] Non-admin users can cause public glance images to be deleted
from the backend storage repository (LP: #1065187)
- [e6be061] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
* debian/rules: skipping pep8 tests to allow building
-- Yolanda Robla <yolanda.robla@canonical.com> Tue, 11 Dec 2012 20:31:00 +0100
keystone (2012.1+stable-20121211-c17a9992-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-5571.patch: adjust contrib/ec2/core.py to verify
that the user is in at least one valid role for the tenant
- debian/patches/keystone-CVE-2012-4413.patch: invalidate all user
tokens upon role grant/revoke
- debian/patches/keystone-CVE-2012-3542: require authz to update a
user's tenant.
* Resynchronize with stable/essex (c17a9992) LP: #1089488:
- [8735009] Removing user from a tenant isn't invalidating user access to
tenant (LP: #1064914)
- [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
- [ddb4019] Open 2012.1.4 development
- [0e1f05e] memcache driver needs protection against unicode user keys (LP: #1056373)
- [176ee9b] Token invalidation in case of role grant/revoke should be
limited to affected tenant (LP: #1050025)
- [58ac669] Token validation includes revoked roles (CVE-2012-4413)
- [cd1e48a] Memcached Token Backend does not support list tokens (LP: #1046905)
- [5438d3b] Update user's default tenant partially succeeds without authz
(LP: #1040626)
-- Yolanda <yolanda.robla@canonical.com> Tue, 11 Dec 2012 12:22:03 +0100 |
|
2012-12-18 18:26:51 |
Yolanda Robla |
bug task deleted |
glance (Ubuntu) |
|
|
2012-12-18 18:27:02 |
Yolanda Robla |
bug task deleted |
glance (Ubuntu Precise) |
|
|
2012-12-18 18:30:49 |
Yolanda Robla |
description |
This is a meta-bug used for tracking progress of new updates to Nova, Horizon, Keystone, and Glance.
nova (2012.1.4+stable-20121212-bd102419-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-3447.patch: update to perform the file name
canonicalization as the root user
- debian/patches/CVE-2012-3371.patch: lookup instance ids only once
instead of once for each scheduler hint instance id.
- debian/patches/CVE-2012-3360+3361.patch: ensure that files cannot
be injected in arbitrary locations
* Resynchronize with stable/essex (bd102419):
- [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
attached (LP: #1079745)
- [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
slow (LP: #1062314)
- [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
fixed_ip (LP: #1017633)
- [20f98c5] failed to allocate fixed ip because old deleted one exists (LP: #996482)
- [75f6922] snapshot stays in saving state if the vm base image is deleted
(LP: #921774)
- [1076699] lock files may be removed in error dues to permissions issues
(LP: #1051924)
- [40c5e94] ensure_default_security_group() does not call sgh (LP: #1050982)
- [4eebe76] At termination, LXC rootfs is not always unmounted before
rmtree() is called (LP: #1046313)
- [47dabb3] Heavily loaded nova-compute instances don't sent reports
frequently enough (LP: #1045152)
- [b375b4f] When attach volume lost attach when node restart (LP: #1004791)
- [4ac2dcc] nova usage-list returns wrong usage (LP: #1043999)
- [014fcbc] Bridge port's hairpin mode not set after resuming a machine (LP: #1040537)
- [2f35f8e] Nova flavor ephemeral space size reported incorrectly (LP: #1026210)
-- Yolanda Robla <yolanda.robla@canonical.com> Wed, 12 Dec 2012 10:26:00 +0100
horizon (2012.1.4+stable-20121212-5ce39422-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-3540.patch: disallow redirects to anywhere
other than the same origin
* Resynchronize with stable/essex (5ce39422) LP: #1089466:
- [7e651d7] stable/essex horizon installs unusable version of glance (LP: #1057125)
- [35eada8] open redirect / phishing attack via "next" parameter (LP: #1039077)
- [8889311] TypeError when trying to delete an unnamed volume via dashboard
(LP: #1031291)
- [f862d9e] Wrong 'Download CSV Summary' link (LP: #1020555)
-- Yolanda Robla <yolanda.robla@canonical.com> Wed, 12 Dec 2012 14:25:33 +0100
glance (2012.1.3+stable-20121211-efd7e75b-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-4573.patch: adjust glance/api/v1/images.py to
ensure image is owned by user before delayed_deletion
* Resynchronize with stable/essex (efd7e75b):
- [efd7e75] Non-admin users can cause public glance images to be deleted
from the backend storage repository (LP: #1065187)
- [e6be061] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
* debian/rules: skipping pep8 tests to allow building
-- Yolanda Robla <yolanda.robla@canonical.com> Tue, 11 Dec 2012 20:31:00 +0100
keystone (2012.1+stable-20121211-c17a9992-0ubuntu1) precise-proposed; urgency=low
[ Yolanda Robla ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-5571.patch: adjust contrib/ec2/core.py to verify
that the user is in at least one valid role for the tenant
- debian/patches/keystone-CVE-2012-4413.patch: invalidate all user
tokens upon role grant/revoke
- debian/patches/keystone-CVE-2012-3542: require authz to update a
user's tenant.
* Resynchronize with stable/essex (c17a9992) LP: #1089488:
- [8735009] Removing user from a tenant isn't invalidating user access to
tenant (LP: #1064914)
- [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
- [ddb4019] Open 2012.1.4 development
- [0e1f05e] memcache driver needs protection against unicode user keys (LP: #1056373)
- [176ee9b] Token invalidation in case of role grant/revoke should be
limited to affected tenant (LP: #1050025)
- [58ac669] Token validation includes revoked roles (CVE-2012-4413)
- [cd1e48a] Memcached Token Backend does not support list tokens (LP: #1046905)
- [5438d3b] Update user's default tenant partially succeeds without authz
(LP: #1040626)
-- Yolanda <yolanda.robla@canonical.com> Tue, 11 Dec 2012 12:22:03 +0100 |
This is a meta-bug used for tracking progress of new updates to Nova, Horizon, Keystone.
nova (2012.1.4+stable-20121217-9f277e38-0ubuntu1) precise-proposed; urgency=low
[ Chuck Short ]
* debian/*.logrotate: compress logfiles when they are rotated. (LP: #1049915)
[ Yolanda Robla Mota ]
* Resynchronize with stable/essex (9f277e38):
- [80fefe5] use_single_default_gateway does not function correctly
(LP: #1075859)
- [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
attached (LP: #1079745)
- [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
slow (LP: #1062314)
- [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
fixed_ip (LP: #1017633)
- [20f98c5] failed to allocate fixed ip because old deleted one exists
(LP: #996482)
- [75f6922] snapshot stays in saving state if the vm base image is deleted
(LP: #921774)
- [1076699] lock files may be removed in error dues to permissions issues
(LP: #1051924)
- [40c5e94] ensure_default_security_group() does not call sgh (LP: #1050982)
- [4eebe76] At termination, LXC rootfs is not always unmounted before
rmtree() is called (LP: #1046313)
- [47dabb3] Heavily loaded nova-compute instances don't sent reports
frequently enough (LP: #1045152)
- [b375b4f] When attach volume lost attach when node restart (LP: #1004791)
- [4ac2dcc] nova usage-list returns wrong usage (LP: #1043999)
- [014fcbc] Bridge port's hairpin mode not set after resuming a machine
(LP: #1040537)
- [2f35f8e] Nova flavor ephemeral space size reported incorrectly
(LP: #1026210)
-- Yolanda Robla Mota <yolanda.robla@canonical.com> Mon, 17 Dec 2012 10:39:28 +0000
horizon (2012.1.4+stable-20121217-5ce39422-0ubuntu1) precise-proposed; urgency=low
* Resynchronize with stable/essex (5ce39422):
- [7e651d7] stable/essex horizon installs unusable version of glance
(LP: #1057125)
- [35eada8] open redirect / phishing attack via "next" parameter
(CVE-2012-3540)
- [8889311] TypeError when trying to delete an unnamed volume via dashboard
(LP: #1031291)
- [f862d9e] Wrong 'Download CSV Summary' link (LP: #1020555)
* Dropped patches, superseded by snapshot:
- debian/patches/CVE-2012-3540.patch [35eada8]
-- Yolanda Robla Mota <yolanda.robla@canonical.com> Mon, 17 Dec 2012 11:05:44 +0000
keystone (2012.1.4+stable-20121217-c17a9992-0ubuntu1) precise-proposed; urgency=low
[ Chuck Short ]
* debian/keystone.logrotate: Compress log file when rotated. (LP: #1049309)
[ Yolanda Robla Mota ]
* Resynchronize with stable/essex (c17a9992):
- [8735009] Removing user from a tenant isn't invalidating user access to
tenant (CVE-2012-5571)
- [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
- [ddb4019] Open 2012.1.4 development
- [0e1f05e] memcache driver needs protection against unicode user keys
(LP: #1056373)
- [176ee9b] Token invalidation in case of role grant/revoke should be
limited to affected tenant (LP: #1050025)
- [58ac669] Token validation includes revoked roles (CVE-2012-4413)
- [cd1e48a] Memcached Token Backend does not support list tokens
(LP: #1046905)
- [5438d3b] Update user's default tenant partially succeeds without authz
(CVE-2012-3542)
* Dropped, superseded by new snapshot:
- debian/patches/CVE-2012-4413.patch [58ac669]
- debian/patches/CVE-2012-5571.patch [8735009]
- debian/patches/CVE-2012-3542.patch [5438d3b]
-- Yolanda Robla Mota <yolanda.robla@canonical.com> Mon, 17 Dec 2012 10:47:08 +0000 |
|
2013-02-05 14:05:15 |
James Page |
bug |
|
|
added subscriber James Page |
2013-04-08 12:07:43 |
Yolanda Robla |
description |
This is a meta-bug used for tracking progress of new updates to Nova, Horizon, Keystone.
nova (2012.1.4+stable-20121217-9f277e38-0ubuntu1) precise-proposed; urgency=low
[ Chuck Short ]
* debian/*.logrotate: compress logfiles when they are rotated. (LP: #1049915)
[ Yolanda Robla Mota ]
* Resynchronize with stable/essex (9f277e38):
- [80fefe5] use_single_default_gateway does not function correctly
(LP: #1075859)
- [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
attached (LP: #1079745)
- [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
slow (LP: #1062314)
- [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
fixed_ip (LP: #1017633)
- [20f98c5] failed to allocate fixed ip because old deleted one exists
(LP: #996482)
- [75f6922] snapshot stays in saving state if the vm base image is deleted
(LP: #921774)
- [1076699] lock files may be removed in error dues to permissions issues
(LP: #1051924)
- [40c5e94] ensure_default_security_group() does not call sgh (LP: #1050982)
- [4eebe76] At termination, LXC rootfs is not always unmounted before
rmtree() is called (LP: #1046313)
- [47dabb3] Heavily loaded nova-compute instances don't sent reports
frequently enough (LP: #1045152)
- [b375b4f] When attach volume lost attach when node restart (LP: #1004791)
- [4ac2dcc] nova usage-list returns wrong usage (LP: #1043999)
- [014fcbc] Bridge port's hairpin mode not set after resuming a machine
(LP: #1040537)
- [2f35f8e] Nova flavor ephemeral space size reported incorrectly
(LP: #1026210)
-- Yolanda Robla Mota <yolanda.robla@canonical.com> Mon, 17 Dec 2012 10:39:28 +0000
horizon (2012.1.4+stable-20121217-5ce39422-0ubuntu1) precise-proposed; urgency=low
* Resynchronize with stable/essex (5ce39422):
- [7e651d7] stable/essex horizon installs unusable version of glance
(LP: #1057125)
- [35eada8] open redirect / phishing attack via "next" parameter
(CVE-2012-3540)
- [8889311] TypeError when trying to delete an unnamed volume via dashboard
(LP: #1031291)
- [f862d9e] Wrong 'Download CSV Summary' link (LP: #1020555)
* Dropped patches, superseded by snapshot:
- debian/patches/CVE-2012-3540.patch [35eada8]
-- Yolanda Robla Mota <yolanda.robla@canonical.com> Mon, 17 Dec 2012 11:05:44 +0000
keystone (2012.1.4+stable-20121217-c17a9992-0ubuntu1) precise-proposed; urgency=low
[ Chuck Short ]
* debian/keystone.logrotate: Compress log file when rotated. (LP: #1049309)
[ Yolanda Robla Mota ]
* Resynchronize with stable/essex (c17a9992):
- [8735009] Removing user from a tenant isn't invalidating user access to
tenant (CVE-2012-5571)
- [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
- [ddb4019] Open 2012.1.4 development
- [0e1f05e] memcache driver needs protection against unicode user keys
(LP: #1056373)
- [176ee9b] Token invalidation in case of role grant/revoke should be
limited to affected tenant (LP: #1050025)
- [58ac669] Token validation includes revoked roles (CVE-2012-4413)
- [cd1e48a] Memcached Token Backend does not support list tokens
(LP: #1046905)
- [5438d3b] Update user's default tenant partially succeeds without authz
(CVE-2012-3542)
* Dropped, superseded by new snapshot:
- debian/patches/CVE-2012-4413.patch [58ac669]
- debian/patches/CVE-2012-5571.patch [8735009]
- debian/patches/CVE-2012-3542.patch [5438d3b]
-- Yolanda Robla Mota <yolanda.robla@canonical.com> Mon, 17 Dec 2012 10:47:08 +0000 |
This is a meta-bug used for tracking progress of new updates to Nova, Horizon, Keystone.
nova (2012.1.4+stable-20130402-e52e6912-0ubuntu1) precise-proposed; urgency=low
[ Chuck Short ]
* debian/*.logrotate: compress logfiles when they are rotated. (LP:
#1049915)
[ Yolanda Robla Mota ]
* Resynchronize with stable/essex (LP: #1089488):
- [48e81f1] VNC proxy can be made to connect to wrong VM LP: 1125378
- [3bf5a58] snat rule too broad for some network configurations LP: 1048765
- [efaacda] DOS by allocating all fixed ips LP: 1125468
- [b683ced] Add nosehtmloutput as a test dependency.
- [45274c8] Nova unit tests not running, but still passing for stable/essex
LP: 1132835
- [e02b459] vnc unit-test fixes
- [87361d3] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
- [e98928c] VNC proxy can be made to connect to wrong VM LP: 1125378
- [c0a10db] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
- [243d516] No authentication on block device used for os-volume_boot
LP: 1069904
- [80fefe5] use_single_default_gateway does not function correctly
(LP: #1075859)
- [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
attached (LP: #1079745)
- [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
slow (LP: #1062314)
- [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
fixed_ip (LP: #1017633)
- [20f98c5] failed to allocate fixed ip because old deleted one exists
(LP: #996482)
- [75f6922] snapshot stays in saving state if the vm base image is deleted
(LP: #921774)
- [1076699] lock files may be removed in error dues to permissions issues
(LP: #1051924)
- [40c5e94] ensure_default_security_group() does not call sgh (LP: #1050982)
- [4eebe76] At termination, LXC rootfs is not always unmounted before
rmtree() is called (LP: #1046313)
- [47dabb3] Heavily loaded nova-compute instances don't sent reports
frequently enough (LP: #1045152)
- [b375b4f] When attach volume lost attach when node restart (LP: #1004791)
- [4ac2dcc] nova usage-list returns wrong usage (LP: #1043999)
- [014fcbc] Bridge port's hairpin mode not set after resuming a machine
(LP: #1040537)
- [2f35f8e] Nova flavor ephemeral space size reported incorrectly
(LP: #1026210)
-- Yolanda Robla Mota <yolanda.robla@canonical.com> Fri, 05 Apr 2013 09:59:20 +0100
horizon (2012.1.4+stable-20130405-5ce39422-0ubuntu1) precise-proposed; urgency=low
* Resynchronize with stable/essex (LP: #1089488):
- [7e651d7] stable/essex horizon installs unusable version of glance
(LP: #1057125)
- [35eada8] open redirect / phishing attack via "next" parameter
(LP: #1039077)
- [8889311] TypeError when trying to delete an unnamed volume via dashboard
(LP: #1031291)
- [f862d9e] Wrong 'Download CSV Summary' link (LP: #1020555)
- [9b22d68] When adding ICMP rule, the type/code is being validated as
from/to ports (LP: #997669)
- [52bbba1] Added --only-selenium option in run_tests.sh
* Dropped patches, superseded by snapshot:
- debian/patches/CVE-2012-3540.patch [35eada8]
-- Yolanda Robla Mota <yolanda.robla@canonical.com> Fri, 05 Apr 2013 10:14:44 +0100
keystone (2012.1.4+stable-20130405-f48dd0fc-0ubuntu1) precise-proposed; urgency=low
[ Chuck Short ]
* debian/keystone.logrotate: Compress log file when rotated. (LP: #1049309)
[ Yolanda Robla Mota ]
* Resynchronize with stable/essex (LP: #1089488):
- [7402f5e] EC2 authentication does not ensure user or tenant is enabled
LP: 1121494
- [8945567] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
- [7b5b72f] Add size validations for /tokens.
- [ef1e682] docutils 0.10 incompatible with sphinx 1.1.3 LP: 1091333
- [8735009] Removing user from a tenant isn't invalidating user access to
tenant (LP: #1064914)
- [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
- [ddb4019] Open 2012.1.4 development
- [0e1f05e] memcache driver needs protection against unicode user keys
(LP: #1056373)
- [176ee9b] Token invalidation in case of role grant/revoke should be
limited to affected tenant (LP: #1050025)
- [58ac669] Token validation includes revoked roles (CVE-2012-4413)
(LP: #1041396)
- [cd1e48a] Memcached Token Backend does not support list tokens
(LP: #1046905)
- [5438d3b] Update user's default tenant partially succeeds without authz
(LP: #1040626)
* Dropped, superseded by new snapshot:
- debian/patches/CVE-2012-4413.patch [58ac669]
- debian/patches/CVE-2012-5571.patch [8735009]
- debian/patches/CVE-2012-3542.patch [5438d3b]
-- Yolanda Robla Mota <yolanda.robla@canonical.com> Fri, 05 Apr 2013 10:19:08 +0100
glance (2012.1.4+stable-20130405-74b067df-0ubuntu1) precise-proposed; urgency=low
[ Adam Gandelman ]
* debian/glance-{registry, api}.logrotate: Fix incorrect logfile
locations. (LP: #1049314)
[ Yolanda Robla Mota ]
* debian/rules: skipping pep8 tests to allow building
* Resynchronize with stable/essex (LP: #1089488):
- [74b067d] v1 api returns location as header for cached images LP: 1135541
- [37d4d96] glance image-download can display backend Swift password
LP: 1098962
- [efd7e75] Non-admin users can cause public glance images to be deleted
from the backend storage repository (LP: #1065187)
- [e6be061] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
* Dropped patches, superseded by snapshot:
- debian/patches/CVE-2012-4573.patch: [efd7e75]
-- Yolanda Robla Mota <yolanda.robla@canonical.com> Fri, 05 Apr 2013 09:56:36 +0100 |
|
2013-04-24 16:23:28 |
Yolanda Robla |
bug task added |
|
glance |
|
2013-04-24 16:24:15 |
Yolanda Robla |
bug task deleted |
glance |
|
|
2013-04-24 16:29:30 |
Yolanda Robla |
bug task added |
|
glance (Ubuntu) |
|
2013-04-24 16:38:13 |
Yolanda Robla |
description |
This is a meta-bug used for tracking progress of new updates to Nova, Horizon, Keystone.
nova (2012.1.4+stable-20130402-e52e6912-0ubuntu1) precise-proposed; urgency=low
[ Chuck Short ]
* debian/*.logrotate: compress logfiles when they are rotated. (LP:
#1049915)
[ Yolanda Robla Mota ]
* Resynchronize with stable/essex (LP: #1089488):
- [48e81f1] VNC proxy can be made to connect to wrong VM LP: 1125378
- [3bf5a58] snat rule too broad for some network configurations LP: 1048765
- [efaacda] DOS by allocating all fixed ips LP: 1125468
- [b683ced] Add nosehtmloutput as a test dependency.
- [45274c8] Nova unit tests not running, but still passing for stable/essex
LP: 1132835
- [e02b459] vnc unit-test fixes
- [87361d3] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
- [e98928c] VNC proxy can be made to connect to wrong VM LP: 1125378
- [c0a10db] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
- [243d516] No authentication on block device used for os-volume_boot
LP: 1069904
- [80fefe5] use_single_default_gateway does not function correctly
(LP: #1075859)
- [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
attached (LP: #1079745)
- [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
slow (LP: #1062314)
- [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
fixed_ip (LP: #1017633)
- [20f98c5] failed to allocate fixed ip because old deleted one exists
(LP: #996482)
- [75f6922] snapshot stays in saving state if the vm base image is deleted
(LP: #921774)
- [1076699] lock files may be removed in error dues to permissions issues
(LP: #1051924)
- [40c5e94] ensure_default_security_group() does not call sgh (LP: #1050982)
- [4eebe76] At termination, LXC rootfs is not always unmounted before
rmtree() is called (LP: #1046313)
- [47dabb3] Heavily loaded nova-compute instances don't sent reports
frequently enough (LP: #1045152)
- [b375b4f] When attach volume lost attach when node restart (LP: #1004791)
- [4ac2dcc] nova usage-list returns wrong usage (LP: #1043999)
- [014fcbc] Bridge port's hairpin mode not set after resuming a machine
(LP: #1040537)
- [2f35f8e] Nova flavor ephemeral space size reported incorrectly
(LP: #1026210)
-- Yolanda Robla Mota <yolanda.robla@canonical.com> Fri, 05 Apr 2013 09:59:20 +0100
horizon (2012.1.4+stable-20130405-5ce39422-0ubuntu1) precise-proposed; urgency=low
* Resynchronize with stable/essex (LP: #1089488):
- [7e651d7] stable/essex horizon installs unusable version of glance
(LP: #1057125)
- [35eada8] open redirect / phishing attack via "next" parameter
(LP: #1039077)
- [8889311] TypeError when trying to delete an unnamed volume via dashboard
(LP: #1031291)
- [f862d9e] Wrong 'Download CSV Summary' link (LP: #1020555)
- [9b22d68] When adding ICMP rule, the type/code is being validated as
from/to ports (LP: #997669)
- [52bbba1] Added --only-selenium option in run_tests.sh
* Dropped patches, superseded by snapshot:
- debian/patches/CVE-2012-3540.patch [35eada8]
-- Yolanda Robla Mota <yolanda.robla@canonical.com> Fri, 05 Apr 2013 10:14:44 +0100
keystone (2012.1.4+stable-20130405-f48dd0fc-0ubuntu1) precise-proposed; urgency=low
[ Chuck Short ]
* debian/keystone.logrotate: Compress log file when rotated. (LP: #1049309)
[ Yolanda Robla Mota ]
* Resynchronize with stable/essex (LP: #1089488):
- [7402f5e] EC2 authentication does not ensure user or tenant is enabled
LP: 1121494
- [8945567] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
- [7b5b72f] Add size validations for /tokens.
- [ef1e682] docutils 0.10 incompatible with sphinx 1.1.3 LP: 1091333
- [8735009] Removing user from a tenant isn't invalidating user access to
tenant (LP: #1064914)
- [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
- [ddb4019] Open 2012.1.4 development
- [0e1f05e] memcache driver needs protection against unicode user keys
(LP: #1056373)
- [176ee9b] Token invalidation in case of role grant/revoke should be
limited to affected tenant (LP: #1050025)
- [58ac669] Token validation includes revoked roles (CVE-2012-4413)
(LP: #1041396)
- [cd1e48a] Memcached Token Backend does not support list tokens
(LP: #1046905)
- [5438d3b] Update user's default tenant partially succeeds without authz
(LP: #1040626)
* Dropped, superseded by new snapshot:
- debian/patches/CVE-2012-4413.patch [58ac669]
- debian/patches/CVE-2012-5571.patch [8735009]
- debian/patches/CVE-2012-3542.patch [5438d3b]
-- Yolanda Robla Mota <yolanda.robla@canonical.com> Fri, 05 Apr 2013 10:19:08 +0100
glance (2012.1.4+stable-20130405-74b067df-0ubuntu1) precise-proposed; urgency=low
[ Adam Gandelman ]
* debian/glance-{registry, api}.logrotate: Fix incorrect logfile
locations. (LP: #1049314)
[ Yolanda Robla Mota ]
* debian/rules: skipping pep8 tests to allow building
* Resynchronize with stable/essex (LP: #1089488):
- [74b067d] v1 api returns location as header for cached images LP: 1135541
- [37d4d96] glance image-download can display backend Swift password
LP: 1098962
- [efd7e75] Non-admin users can cause public glance images to be deleted
from the backend storage repository (LP: #1065187)
- [e6be061] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
* Dropped patches, superseded by snapshot:
- debian/patches/CVE-2012-4573.patch: [efd7e75]
-- Yolanda Robla Mota <yolanda.robla@canonical.com> Fri, 05 Apr 2013 09:56:36 +0100 |
This is a meta-bug used for tracking progress of new updates to Nova, Horizon, Keystone.
nova (2012.1.3+stable-20130423-e52e6912-0ubuntu1) precise-proposed; urgency=low
* Resynchronize with stable/essex (e52e6912) (LP: #1089488):
- [48e81f1] VNC proxy can be made to connect to wrong VM LP: 1125378
- [3bf5a58] snat rule too broad for some network configurations LP: 1048765
- [efaacda] DOS by allocating all fixed ips LP: 1125468
- [b683ced] Add nosehtmloutput as a test dependency.
- [45274c8] Nova unit tests not running, but still passing for stable/essex
LP: 1132835
- [e02b459] vnc unit-test fixes
- [87361d3] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
- [e98928c] VNC proxy can be made to connect to wrong VM LP: 1125378
- [c0a10db] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
- [243d516] No authentication on block device used for os-volume_boot
LP: 1069904
- [80fefe5] use_single_default_gateway does not function correctly
(LP: #1075859)
- [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
attached (LP: #1079745)
- [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
slow (LP: #1062314)
- [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
fixed_ip (LP: #1017633)
- [20f98c5] failed to allocate fixed ip because old deleted one exists
(LP: #996482)
- [75f6922] snapshot stays in saving state if the vm base image is deleted
(LP: #921774)
- [1076699] lock files may be removed in error dues to permissions issues
(LP: #1051924)
- [40c5e94] ensure_default_security_group() does not call sgh (LP: #1050982)
- [4eebe76] At termination, LXC rootfs is not always unmounted before
rmtree() is called (LP: #1046313)
- [47dabb3] Heavily loaded nova-compute instances don't sent reports
frequently enough (LP: #1045152)
- [b375b4f] When attach volume lost attach when node restart (LP: #1004791)
- [4ac2dcc] nova usage-list returns wrong usage (LP: #1043999)
- [014fcbc] Bridge port's hairpin mode not set after resuming a machine
(LP: #1040537)
- [2f35f8e] Nova flavor ephemeral space size reported incorrectly
(LP: #1026210)
* Dropped, superseded by new snapshot:
- debian/patches/CVE-2013-0335.patch: [48e81f1]
- debian/patches/CVE-2013-1838.patch: [efaacda]
- debian/patches/CVE-2013-1664.patch: [c0a10db]
- debian/patches/CVE-2013-0208.patch: [243d516]
-- Yolanda <yolanda.robla@canonical.com> Mon, 22 Apr 2013 12:37:08 +0200
horizon (2012.1.3+stable-20130423-5ce39422-0ubuntu1) precise-proposed; urgency=low
* Resynchronize with stable/essex (LP: #1089488)
- [7e651d7] stable/essex horizon installs unusable version of glance
(LP: #1057125)
- [35eada8] open redirect / phishing attack via "next" parameter
(LP: #1039077)
- [8889311] TypeError when trying to delete an unnamed volume via dashboard
(LP: #1031291)
- [f862d9e] Wrong 'Download CSV Summary' link (LP: #1020555)
- [9b22d68] When adding ICMP rule, the type/code is being validated as
from/to ports (LP: #997669)
- [52bbba1] Added --only-selenium option in run_tests.sh
* Dropped patches, superseded by new snapshot:
- debian/patches/CVE-2012-3540.patch [35eada8]
-- Yolanda <yolanda.robla@canonical.com> Wed, 24 Apr 2013 15:46:28 +0200
keystone (2012.1.3+stable-20130423-f48dd0fc-0ubuntu1) precise-proposed; urgency=low
* Resynchronize with stable/essex (LP: #1089488):
- [7402f5e] EC2 authentication does not ensure user or tenant is enabled
LP: 1121494
- [8945567] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
- [7b5b72f] Add size validations for /tokens.
- [ef1e682] docutils 0.10 incompatible with sphinx 1.1.3 LP: 1091333
- [8735009] Removing user from a tenant isn't invalidating user access to
tenant (LP: #1064914)
- [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
- [ddb4019] Open 2012.1.4 development
- [0e1f05e] memcache driver needs protection against unicode user keys
(LP: #1056373)
- [176ee9b] Token invalidation in case of role grant/revoke should be
limited to affected tenant (LP: #1050025)
- [58ac669] Token validation includes revoked roles (CVE-2012-4413)
(LP: #1041396)
- [cd1e48a] Memcached Token Backend does not support list tokens
(LP: #1046905)
- [5438d3b] Update user's default tenant partially succeeds without authz
(LP: #1040626)
* Dropped patches, superseded by new snapshot:
- debian/patches/CVE-2013-0282.patch [7402f5e]
- debian/patches/CVE-2013-1664+1665.patch [8945567]
- debian/patches/keystone-CVE-2012-5571.patch [8735009]
- debian/patches/keystone-CVE-2012-4413.patch [58ac669]
- debian/patches/keystone-CVE-2012-3542.patch [5438d3b]
* Refreshed patches:
- debian/patches/CVE-2013-0247.patch
- debian/patches/fix-ubuntu-tests.patch
-- Yolanda <yolanda.robla@canonical.com> Tue, 23 Apr 2013 10:30:16 +0200
glance (2012.1.3+stable-20130423-74b067df-0ubuntu1) precise-proposed; urgency=low
* Resynchronize with stable/essex (74b067df) (LP: #1089488):
- [74b067d] v1 api returns location as header for cached images LP: 1135541
- [37d4d96] glance image-download can display backend Swift password
LP: 1098962
- [efd7e75] Non-admin users can cause public glance images to be deleted
from the backend storage repository (LP: #1065187)
- [e6be061] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
* Dropped patches, superseded by snapshot:
- debian/patches/CVE-2013-1840.patch [74b067d]
- debian/patches/CVE-2013-0212.patch [37d4d96]
- debian/patches/CVE-2012-4573.patch [efd7e75]
-- Yolanda <yolanda.robla@canonical.com> Wed, 24 Apr 2013 14:58:09 +0200 |
|
2013-04-24 16:39:02 |
Yolanda Robla |
glance (Ubuntu): status |
New |
Invalid |
|
2013-04-26 07:07:58 |
Yolanda Robla |
glance (Ubuntu): assignee |
|
Yolanda Robla (yolanda.robla) |
|
2013-04-26 07:08:02 |
Yolanda Robla |
horizon (Ubuntu): assignee |
|
Yolanda Robla (yolanda.robla) |
|
2013-04-26 07:08:06 |
Yolanda Robla |
horizon (Ubuntu Precise): assignee |
|
Yolanda Robla (yolanda.robla) |
|
2013-04-26 07:08:10 |
Yolanda Robla |
keystone (Ubuntu): assignee |
|
Yolanda Robla (yolanda.robla) |
|
2013-04-26 07:08:14 |
Yolanda Robla |
keystone (Ubuntu Precise): assignee |
|
Yolanda Robla (yolanda.robla) |
|
2013-04-26 07:08:19 |
Yolanda Robla |
nova (Ubuntu): assignee |
|
Yolanda Robla (yolanda.robla) |
|
2013-04-26 07:08:21 |
Yolanda Robla |
nova (Ubuntu Precise): assignee |
|
Yolanda Robla (yolanda.robla) |
|
2013-04-26 07:08:26 |
Yolanda Robla |
glance (Ubuntu): status |
Invalid |
Fix Committed |
|
2013-04-26 07:08:31 |
Yolanda Robla |
horizon (Ubuntu Precise): status |
Confirmed |
Fix Committed |
|
2013-04-26 07:08:36 |
Yolanda Robla |
horizon (Ubuntu): status |
Invalid |
Fix Committed |
|
2013-04-26 07:08:41 |
Yolanda Robla |
keystone (Ubuntu): status |
Invalid |
Fix Committed |
|
2013-04-26 07:08:46 |
Yolanda Robla |
keystone (Ubuntu Precise): status |
Confirmed |
Fix Committed |
|
2013-04-26 07:08:50 |
Yolanda Robla |
nova (Ubuntu): status |
Invalid |
Fix Committed |
|
2013-04-26 07:08:56 |
Yolanda Robla |
nova (Ubuntu Precise): status |
Confirmed |
Fix Committed |
|
2013-05-09 23:02:38 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
2013-05-09 23:02:47 |
Brian Murray |
tags |
|
verification-needed |
|
2013-05-09 23:09:27 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/precise-proposed/glance |
|
2013-05-09 23:45:39 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/precise-proposed/nova |
|
2013-05-09 23:47:29 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/precise-proposed/keystone |
|
2013-05-09 23:52:10 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/precise-proposed/horizon |
|
2013-05-16 07:30:11 |
Yolanda Robla |
attachment added |
|
2012.1.3+stable-20130405-e52e6912-0ubuntu1.log https://bugs.launchpad.net/bugs/1089488/+attachment/3678007/+files/2012.1.3%2Bstable-20130405-e52e6912-0ubuntu1.log |
|
2013-05-16 07:32:33 |
Yolanda Robla |
attachment added |
|
2012.1.3+stable-20130405-e52e6912-0ubuntu1.log https://bugs.launchpad.net/bugs/1089488/+attachment/3678023/+files/2012.1.3%2Bstable-20130405-e52e6912-0ubuntu1.log |
|
2013-05-16 07:37:57 |
Yolanda Robla |
attachment added |
|
2012.1.3+stable-20130423-74b067df-0ubuntu1.log https://bugs.launchpad.net/bugs/1089488/+attachment/3678041/+files/2012.1.3%2Bstable-20130423-74b067df-0ubuntu1.log |
|
2013-05-16 07:38:52 |
Yolanda Robla |
tags |
verification-needed |
verification-done |
|
2013-05-16 17:26:38 |
Scott Kitterman |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2013-05-16 17:27:13 |
Launchpad Janitor |
horizon (Ubuntu Precise): status |
Fix Committed |
Fix Released |
|
2013-05-16 17:27:13 |
Launchpad Janitor |
cve linked |
|
2012-3540 |
|
2013-05-16 17:27:27 |
Launchpad Janitor |
glance (Ubuntu): status |
Fix Committed |
Fix Released |
|
2013-05-16 17:27:27 |
Launchpad Janitor |
cve linked |
|
2012-4573 |
|
2013-05-16 17:27:27 |
Launchpad Janitor |
cve linked |
|
2013-0212 |
|
2013-05-16 17:27:27 |
Launchpad Janitor |
cve linked |
|
2013-1840 |
|
2013-05-16 17:27:32 |
Launchpad Janitor |
nova (Ubuntu Precise): status |
Fix Committed |
Fix Released |
|
2013-05-16 17:27:32 |
Launchpad Janitor |
cve linked |
|
2013-0208 |
|
2013-05-16 17:27:32 |
Launchpad Janitor |
cve linked |
|
2013-0335 |
|
2013-05-16 17:27:32 |
Launchpad Janitor |
cve linked |
|
2013-1664 |
|
2013-05-16 17:27:32 |
Launchpad Janitor |
cve linked |
|
2013-1838 |
|
2013-05-16 17:28:30 |
Launchpad Janitor |
keystone (Ubuntu Precise): status |
Fix Committed |
Fix Released |
|
2013-05-16 17:28:30 |
Launchpad Janitor |
cve linked |
|
2012-3542 |
|
2013-05-16 17:28:30 |
Launchpad Janitor |
cve linked |
|
2012-4413 |
|
2013-05-16 17:28:30 |
Launchpad Janitor |
cve linked |
|
2012-5571 |
|
2013-05-16 17:28:30 |
Launchpad Janitor |
cve linked |
|
2013-0247 |
|
2013-05-16 17:28:30 |
Launchpad Janitor |
cve linked |
|
2013-0282 |
|
2013-05-16 17:39:33 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/precise-updates/nova |
|
2014-03-07 14:39:26 |
James Page |
nova (Ubuntu): status |
Fix Committed |
Invalid |
|
2014-03-07 14:39:31 |
James Page |
keystone (Ubuntu): status |
Fix Committed |
Invalid |
|
2014-03-07 14:39:34 |
James Page |
horizon (Ubuntu): status |
Fix Committed |
Invalid |
|