Debian Bug report logs -
#710157
CVE-2013-2096
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 28 May 2013 16:30:05 UTC
Severity: grave
Tags: security
Fixed in version nova/2013.1.2-2
Done: Thomas Goirand <zigo@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>:
Bug#710157; Package nova.
(Tue, 28 May 2013 16:30:10 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>.
(Tue, 28 May 2013 16:30:10 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: nova
Severity: grave
Tags: security
Hi,
please see:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2096
Cheers,
Moritz
Information forwarded
to debian-bugs-dist@lists.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>:
Bug#710157; Package nova.
(Mon, 03 Jun 2013 19:21:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Jeff Licquia <licquia@debian.org>:
Extra info received and forwarded to list. Copy sent to PKG OpenStack <openstack-devel@lists.alioth.debian.org>.
(Mon, 03 Jun 2013 19:21:04 GMT) (full text, mbox, link).
Message #10 received at 710157@bugs.debian.org (full text, mbox, reply):
https://bugs.launchpad.net/nova/+bug/1177830/comments/21
Reply sent
to Thomas Goirand <zigo@debian.org>:
You have taken responsibility.
(Sun, 04 Aug 2013 12:03:27 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer.
(Sun, 04 Aug 2013 12:03:27 GMT) (full text, mbox, link).
Message #15 received at 710157-close@bugs.debian.org (full text, mbox, reply):
Source: nova
Source-Version: 2013.1.2-2
We believe that the bug you reported is fixed in the latest version of
nova, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 710157@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <zigo@debian.org> (supplier of updated nova package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 24 Apr 2013 00:04:19 +0800
Source: nova
Binary: python-nova nova-common nova-compute nova-compute-lxc nova-compute-uml nova-compute-xen nova-compute-qemu nova-compute-kvm nova-xcp-plugins nova-conductor nova-cert nova-scheduler nova-volume nova-api nova-network nova-console nova-consoleauth nova-doc nova-cells nova-baremetal nova-consoleproxy
Architecture: source all
Version: 2013.1.2-2
Distribution: unstable
Urgency: low
Maintainer: PKG OpenStack <openstack-devel@lists.alioth.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description:
nova-api - OpenStack Compute - compute API frontend
nova-baremetal - Openstack Compute - baremetal virt
nova-cells - Openstack Compute - cells
nova-cert - OpenStack Compute - certificate manager
nova-common - OpenStack Compute - common files
nova-compute - OpenStack Compute - compute node
nova-compute-kvm - OpenStack Compute - compute node (KVM)
nova-compute-lxc - OpenStack Compute - compute node (LXC)
nova-compute-qemu - OpenStack Compute - compute node (QEmu)
nova-compute-uml - OpenStack Compute - compute node (UserModeLinux)
nova-compute-xen - OpenStack Compute - compute node (Xen)
nova-conductor - OpenStack Compute - conductor service
nova-console - OpenStack Compute - console
nova-consoleauth - OpenStack Compute - Console Authenticator
nova-consoleproxy - OpenStack Compute - NoVNC proxy
nova-doc - OpenStack Compute - documentation
nova-network - OpenStack Compute - network manager
nova-scheduler - OpenStack Compute - virtual machine scheduler
nova-volume - OpenStack Compute - storage metapackage
nova-xcp-plugins - OpenStack Compute plugin for the Xen Cloud Platform
python-nova - OpenStack Compute - libraries
Closes: 706011 706013 707600 710157 711326 711541
Changes:
nova (2013.1.2-2) unstable; urgency=low
.
* Uploading to unstable (Closes: #710157, #711326, #711541, #707600).
* New upstream release.
* Added Should-Start/stop: postgresql mysql in init scripts (Closes: #706013)
thanks to Julien Cristau for reporting.
* Fixed logrotate scripts for nova-xvpvncproxy and nova-consoleauth
(Closes: #706011). Thanks to Julien Cristau for reporting.
* Adds memcache_convert_host_value_from_unicode_to_a_string.patch
* CVE-2013-2030: Remove insecure default for signing_dir option from the
api-paste.ini (Closes: #707600).
* Removes memcache_convert_host_value_from_unicode_to_a_string.patch which
is now applied upstream.
* Moves Suggests: as Depends: for novnc and websockify for nova-novncproxy.
* Merged nova-xcp* into a single binary package.
* Merged NoVNC, XVP and SPICE console into a single binary package.
* Now using a single log file for all types of console proxy, and
logrotate that (Closes: #706011).
* Ran wrap-and-sort.
* Added Make nova-api use servicegroup.API.service_is_up() patch, so that
nova can work with multiple redundant memecached using heartbeat.
* Killed the nova-objectstore package.
* testrepository build-depends is now version >= 0.0.14
* Reviewed a bit the init scripts boot dependencies, and added a few
Should-Start / Should-Stop to make sure mysql, postgress and keystone are
up and running.
* Removed debian/python-nova.postinst, as update-python-modules
--post-install is managed by dh_python2.
* Added missing nova-compute dependencies in the nova-compute-<whatever>
packages.
* Sets default security_group_api = quantum.
* Starts nova after rabbit and ntp.
Checksums-Sha1:
1240a51070a03b9ab3a1ba9bba3246f3b114c40b 3645 nova_2013.1.2-2.dsc
2da4830bd3017ba36a9cee51978619bfc2fec447 2439524 nova_2013.1.2.orig.tar.xz
9e6a859459fc0ab547fe04a204ba362215b4d1e0 64265 nova_2013.1.2-2.debian.tar.gz
7172be0abfc297456c660eb4f9d34aeb60d5cb61 1257728 python-nova_2013.1.2-2_all.deb
a333c36e3a86a0cccef9ccfcbfdd1b2adcb40253 50214 nova-common_2013.1.2-2_all.deb
d307564f371aa0209f77a21c4110988387d423fe 18234 nova-compute_2013.1.2-2_all.deb
ab8a5eade1a7c473cd8eff695a9fc2e5c676e523 12878 nova-compute-lxc_2013.1.2-2_all.deb
97c33c3256c4651943a3e33672e01aec58daf34d 12898 nova-compute-uml_2013.1.2-2_all.deb
358ba50a947a701a36d29da972c2159e0dccef2f 23350 nova-compute-xen_2013.1.2-2_all.deb
f211829d5fb57728f0c0001da5bebe49217d1757 12890 nova-compute-qemu_2013.1.2-2_all.deb
2d38cb1da931b7887739d433da838086212d221a 12966 nova-compute-kvm_2013.1.2-2_all.deb
c1d2000b43b241a54e07a1660ce8eaea946d9190 34766 nova-xcp-plugins_2013.1.2-2_all.deb
f8a9003836645e32d9b7659c92bdedea8de930f2 15718 nova-conductor_2013.1.2-2_all.deb
1da0b2b7c700c460ba79241a28083b23f929d5fb 15804 nova-cert_2013.1.2-2_all.deb
a34ef16307c2280d920d313eeedba2da6bf90614 17342 nova-scheduler_2013.1.2-2_all.deb
6264ef7de9305736d9fca8f7e2f21e47c13dd8c7 12570 nova-volume_2013.1.2-2_all.deb
e29c68e7043b14a23722f0b5629540b2b0d4bf52 23182 nova-api_2013.1.2-2_all.deb
b3c7e1d47b7ccfac51441308aea32df6e93d8ab7 18990 nova-network_2013.1.2-2_all.deb
97448d6c6e30d7ac0d5f991bcde6c9cdb0203f16 15832 nova-console_2013.1.2-2_all.deb
853058cefb3dc0d1a090aac2594a8de878542379 15614 nova-consoleauth_2013.1.2-2_all.deb
696f8a9575d94091d90b8fe4166c98bca41d09b0 2194344 nova-doc_2013.1.2-2_all.deb
d8e103304fb33c4fa62d2f7922b553f39b22b08c 14844 nova-cells_2013.1.2-2_all.deb
535c680cbf7d27a7aa9605d47b36f47b8d7d9885 19210 nova-baremetal_2013.1.2-2_all.deb
e7647cf42aa40ffa93475594f4420d7751f0b7c0 18934 nova-consoleproxy_2013.1.2-2_all.deb
Checksums-Sha256:
b60704e4f97609b6b0fb593e8c6eb609b4eaaa01f86c586607f2bd469dd8a6f5 3645 nova_2013.1.2-2.dsc
cd45bf6e16f7045ba160786efde311226ba025954a165198cce1c0a93f11450e 2439524 nova_2013.1.2.orig.tar.xz
118f7290a8be4b88d17d99b8e497bf7681c1b67a26e6c1902870b0b59d270e0c 64265 nova_2013.1.2-2.debian.tar.gz
3cab364e54d0ceddfe0a264653069fd40f9743a95ad90633c0c78c93cde5ff74 1257728 python-nova_2013.1.2-2_all.deb
a728ad546d26f5cfc8b3acc51dc5805b068758ed0facd52016805f20055e6864 50214 nova-common_2013.1.2-2_all.deb
f7db735b9c072622c3ca106a1ab00158a44719cde4e7da7d10bfa3132124b39c 18234 nova-compute_2013.1.2-2_all.deb
85f5aaa6a5a3c8b898be4a4bdd1ab77f2bc9849a4271501d1c00c45f0b63a30b 12878 nova-compute-lxc_2013.1.2-2_all.deb
a98f67c8a64047ac91ff10c5787f8945dd55dc7808de8ad2e1ccacf8dcf0ad4b 12898 nova-compute-uml_2013.1.2-2_all.deb
48c14f10c3182b80fa9a2dc1a37a5ff9a27e02d807150e6e05d944cff735de8e 23350 nova-compute-xen_2013.1.2-2_all.deb
5b415622eb3c17718895893aeff267161a962b919a62b82e8cac9ece27d3469b 12890 nova-compute-qemu_2013.1.2-2_all.deb
9fbac6c65b5961bc22d00df62d7cfc0be2d32cb0993ef87b5988ae1132b2391a 12966 nova-compute-kvm_2013.1.2-2_all.deb
89866331ed49fade5ac5a9e0fbdec3119e1039d66df87e53e18ae7b716a0aac1 34766 nova-xcp-plugins_2013.1.2-2_all.deb
b2f44b104e694a81b09d8e2a8ba9355a540b246470e8ba8575489ee5b8ab0295 15718 nova-conductor_2013.1.2-2_all.deb
16b308b99f4b2660a690e70d132204ee0795c425d15b8eb4da11bb491a9cca17 15804 nova-cert_2013.1.2-2_all.deb
554b4076fe6eb05b98acf1ee86aaf544243584eb01f9536ecc016b0bfbb615ae 17342 nova-scheduler_2013.1.2-2_all.deb
400f75bcb88d6d46ab68102cbd31e079708b153cf476aef25b880365b0348377 12570 nova-volume_2013.1.2-2_all.deb
18d2676de4f6afd60887e7d0c0e4e606965c3156cc636b0b6664689bad715589 23182 nova-api_2013.1.2-2_all.deb
28427dd7129b2fdcdb2c7d2bbe48528c05fc8603b00d3f1eb22d7b08b71a0a8c 18990 nova-network_2013.1.2-2_all.deb
cad1e8145f2bf21ce7718665297593d551466d7cad9664e4a8699a236fd15a8d 15832 nova-console_2013.1.2-2_all.deb
983f46bdb3b0d2b5e70d4a40047624639e9c86a5413a626d0f3459af3af8ba3c 15614 nova-consoleauth_2013.1.2-2_all.deb
5de1ae99afc4cf1a7eeae7682aad5f3480ead0e83fd98e2190e53db55519d590 2194344 nova-doc_2013.1.2-2_all.deb
c1548e85d5b1f8080c1b0ee1d2c79de70621fc03b3a89f1d9e9c1a79ba33f353 14844 nova-cells_2013.1.2-2_all.deb
85bb749c2986df8f417191c6db1035bd25d143013e20b339f7da38d1da32f275 19210 nova-baremetal_2013.1.2-2_all.deb
88302801ffa12ebea5431f25ee0c1d5eaa0c7811e1462cef08f937c80895cba4 18934 nova-consoleproxy_2013.1.2-2_all.deb
Files:
d6fa6421f7f0409e565d9e56cf6d7198 3645 net extra nova_2013.1.2-2.dsc
948f3e2f3252388e4737c53189821db6 2439524 net extra nova_2013.1.2.orig.tar.xz
c73fa4be6fe34621b78383e88fc54998 64265 net extra nova_2013.1.2-2.debian.tar.gz
663f8e5face91cad0225b3206a7c147c 1257728 python extra python-nova_2013.1.2-2_all.deb
2037825800b2a149e1715b0896e6c582 50214 net extra nova-common_2013.1.2-2_all.deb
a84fc6489a38d52e314cc8f5f6c37261 18234 net extra nova-compute_2013.1.2-2_all.deb
b0079f1c0efa200e1b2719394e9a5cab 12878 net extra nova-compute-lxc_2013.1.2-2_all.deb
9f663c52dd325173fb82eb28bcd857d9 12898 net extra nova-compute-uml_2013.1.2-2_all.deb
72a00c432c112dcefc261da18c91a157 23350 net extra nova-compute-xen_2013.1.2-2_all.deb
93038994e7144631084afd86c1e8f364 12890 net extra nova-compute-qemu_2013.1.2-2_all.deb
d5ad84036c5e1b29a4d6c7b6fb9cb01a 12966 net extra nova-compute-kvm_2013.1.2-2_all.deb
2f8f7acfeb50b85f81b29ebbb1511810 34766 net extra nova-xcp-plugins_2013.1.2-2_all.deb
9dc4c9ca8da2363603fab5f13a10f15c 15718 net extra nova-conductor_2013.1.2-2_all.deb
7c546da905c0bb29828ac5b7f0028bb3 15804 net extra nova-cert_2013.1.2-2_all.deb
92d2b966001d153c69f7a39b03c5ce23 17342 net extra nova-scheduler_2013.1.2-2_all.deb
eb2c12748cd2f83e5757bf16bf870628 12570 oldlibs extra nova-volume_2013.1.2-2_all.deb
63aca788833c9aa4d1886ca2cd12fe7f 23182 net extra nova-api_2013.1.2-2_all.deb
f58dc38ec36559310f098d23ea5246d7 18990 net extra nova-network_2013.1.2-2_all.deb
4f30c4cedda87a01ddabae50274a73c0 15832 net extra nova-console_2013.1.2-2_all.deb
7da1ecf38eb7f3ef796f15f27abd65e6 15614 net extra nova-consoleauth_2013.1.2-2_all.deb
5b6ecc4eba1604137028cf6409e98e09 2194344 doc extra nova-doc_2013.1.2-2_all.deb
8701d87775f6a8eed9e91a95de2f975e 14844 net extra nova-cells_2013.1.2-2_all.deb
553cfc6b04be973c38233df4889322a5 19210 net extra nova-baremetal_2013.1.2-2_all.deb
a2c371d819b41d9929e4ed095a92deed 18934 net extra nova-consoleproxy_2013.1.2-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlHiQRgACgkQl4M9yZjvmkm4KgCguiMfmLT0ROtjky1E8TfPGuOu
QygAoNeHzsEwAtRdpvg2fMQUDWa3VPhy
=BFkz
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 02 Sep 2013 07:29:34 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:30:15 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon