glance 1:2014.1.5-0ubuntu1.1 source package in Ubuntu
Changelog
glance (1:2014.1.5-0ubuntu1.1) trusty-security; urgency=medium
* SECURITY UPDATE: access restrictions bypass via status changing
- debian/patches/CVE-2015-5251.patch: prevent image status being
directly modified in glance/api/v1/__init__.py,
glance/api/v1/images.py, glance/tests/functional/v1/test_api.py,
glance/tests/integration/legacy_functional/test_v1_api.py,
test-requirements.txt.
- CVE-2015-5251
* SECURITY UPDATE: storage quota bypass
- debian/patches/CVE-2015-5286.patch: cleanup chunks for deleted image
if token expired in glance/api/v1/upload_utils.py,
glance/api/v2/image_data.py.
- CVE-2015-5286
* SECURITY UPDATE: image status manipulation through locations removal
- debian/patches/CVE-2016-0757.patch: prevent user from removing last
location of the image in glance/api/v2/images.py,
glance/tests/functional/v2/test_images.py,
glance/tests/unit/v2/test_images_resource.py.
- CVE-2016-0757
-- Marc Deslauriers <email address hidden> Fri, 25 Aug 2017 13:10:04 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Trusty
- Original maintainer:
- OpenStack Ubuntu packagers
- Architectures:
- all
- Section:
- net
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Trusty | updates | main | net | |
| Trusty | security | main | net |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| glance_2014.1.5.orig.tar.gz | 2.0 MiB | 837b0b4678c30a6eb16b83452f8e6767347477f8b56fd2ee0a48ad11e4e56bb1 |
| glance_2014.1.5-0ubuntu1.1.debian.tar.gz | 20.7 KiB | a01136eada23776e05e56f215fc85896dee0c9f1fbf2ca13969c1ee7d1047d71 |
| glance_2014.1.5-0ubuntu1.1.dsc | 3.0 KiB | 050a22f0a680882727e7c3c2e81a1c893e377fd369dc216112402987ec4f21b7 |
Available diffs
Binary packages built by this source
- glance: OpenStack Image Registry and Delivery Service - Daemons
The Glance project provides an image registration and discovery service
and an image delivery service. These services are used
in conjunction by Nova to deliver images from object stores, such as
OpenStack's Swift service, to Nova's compute nodes.
.
This package is a metapackage for all glance daemons.
- glance-api: OpenStack Image Registry and Delivery Service - API
The Glance project provides an image registration, discovery and
delivery service. These services may be used as stand-along services, and
they may also be used by Nova to deliver images from object stores, such as
OpenStack's Swift service, to Nova's compute nodes.
.
This package contains the glance API server.
- glance-common: OpenStack Image Registry and Delivery Service - Common
The Glance project provides an image registration, discovery and
delivery service. These services may be used as stand-along services, and
they may also be used by Nova to deliver images from object stores, such as
OpenStack's Swift service, to Nova's compute nodes.
.
This package contains the glance common.
- glance-registry: OpenStack Image Registry and Delivery Service - Registry
The Glance project provides an image registration, discovery and
delivery service. These services may be used as stand-along services, and
they may also be used by Nova to deliver images from object stores, such as
OpenStack's Swift service, to Nova's compute nodes.
.
This package contains the glance registry server.
- python-glance: OpenStack Image Registry and Delivery Service - Python library
The Glance project provides an image registration and discovery service
and an image delivery service. These services are used
in conjunction by Nova to deliver images from object stores, such as
OpenStack's Swift service, to Nova's compute nodes.
.
This package contains the Python libraries.
- python-glance-doc: OpenStack Image Registry and Delivery Service - Documentation
The Glance project provides an image registration and discovery service
(Parallax) and an image delivery service (Teller). These services are used
in conjunction by Nova to deliver images from object stores, such as
OpenStack's Swift service, to Nova's compute nodes.
.
This package contains the documentation.
