Package: cinder / 2014.1.3-11+deb8u1

Metadata

Package Version Patches format
cinder 2014.1.3-11+deb8u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
install missing files.patch | (download)

MANIFEST.in | 30 30 + 0 - 0 !
1 file changed, 30 insertions(+)

 install some missing files
CVE 2014 7230_CVE 2014 7231_Sync_process_utils_from_oslo.patch | (download)

cinder/openstack/common/processutils.py | 14 9 + 5 - 0 !
1 file changed, 9 insertions(+), 5 deletions(-)

 sync process utils from oslo
 This patch backports the missing change to fix ssh_execute password leak
 .
 The sync pulls in the following changes:
 105169f8 - Mask passwords in exceptions and error messages (SSH)
Sync_latest_strutils_from_oslo incubator_for_mask_password_fix.patch | (download)

cinder/openstack/common/strutils.py | 7 6 + 1 - 0 !
1 file changed, 6 insertions(+), 1 deletion(-)

 sync latest strutils from oslo-incubator for mask_password fix
 This sync pulls in:
   1131b56 Enable mask_password to handle byte code strings
 .
 This is the only update since the last sync:
   beca4db Sync latest strutils from oslo-incubator
 .
 This is needed to fix a delete volume failure when processutils
 calls mask_password with a byte code string.
CVE 2015 1851_Disallow_backing_files_when_uploading_volumes_to_image.patch | (download)

cinder/image/image_utils.py | 14 14 + 0 - 0 !
cinder/tests/test_image_utils.py | 8 8 + 0 - 0 !
2 files changed, 22 insertions(+)

 disallow backing files when uploading volumes to image
 Volumes with a header referencing a backing file can leak file data into the
 destination image when uploading a volume to an image.
 .
 Halt the upload process if the volume data references a backing file to
 prevent this.