Package: neutron / 2:9.1.1-3+deb9u1

Metadata

Package Version Patches format
neutron 2:9.1.1-3+deb9u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
fix requirements.txt.patch | (download)

requirements.txt | 6 2 + 4 - 0 !
1 file changed, 2 insertions(+), 4 deletions(-)

 fix requirements.txt
flake8 legacy.patch | (download)

neutron/tests/unit/hacking/test_checks.py | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 use legacy api as provided in flake8 >= 3.0.0
allow sqla 1.1.patch | (download)

requirements.txt | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 allow sqlalchemy 1.1
CVE 2019 9735_When_converting_sg_rules_to_iptables_do_not_emit_dport_if_not_supported.patch | (download)

neutron/agent/linux/iptables_firewall.py | 20 15 + 5 - 0 !
neutron/tests/unit/agent/linux/test_iptables_firewall.py | 14 14 + 0 - 0 !
2 files changed, 29 insertions(+), 5 deletions(-)

 cve-2019-9735: when converting sg rules to iptables, do not emit dport if not supported
 Since iptables-restore doesn't support --dport with protocol vrrp,
 it errors out setting the security groups on the hypervisor.
 .
 Marking this a partial fix, since we need a change to prevent
 adding those incompatible rules in the first place, but this
 patch will stop the bleeding.

Bug: #1818385