Publishing details

Changelog

nova (2012.1.3+stable-20130423-e52e6912-0ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: ssl not enforced when qpid_protocol is set to ssl
    - debian/patches/CVE-2013-6491.patch: set the right parameter in
      nova/rpc/impl_qpid.py
    - LP: #1158807
    - CVE-2013-6491
  * SECURITY UPDATE: information disclosure via incorrect KVM live block
    migration
    - debian/patches/CVE-2013-7130.patch: fix root disk leak in
      nova/virt/libvirt/connection.py, add upstream test and additional test
      (test_create_images_and_backing_full()) to nova/tests/test_libvirt.py
    - CVE-2013-7130
  * SECURITY UPDATE: denial of service via disk consumption
    - debian/patches/CVE-2013-446x.patch: don't boot oversized images in
      nova/virt/images.py, and nova/virt/libvirt/connection.py. Update tests
      in nova/tests/test_libvirt.py
    - CVE-2013-4463
    - CVE-2013-4469
 -- Jamie Strandboge <email address hidden>   Wed, 14 May 2014 15:14:36 -0500

Available diffs

Builds

Built packages

Package files