-
Committer:
Yolanda Robla
-
Date:
2012-12-17 10:59:15 UTC
-
Revision ID:
yolanda.robla@canonical.com-20121217105915-muh7phqj2psghgez
[ Yolanda Robla Mota ]
* Resynchronize with stable/essex (efd7e75b):
- [efd7e75] Non-admin users can cause public glance images to be deleted
from the backend storage repository (CVE-2012-4573)
- [e6be061] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
* Dropped patches, superseeded by snapshot:
- debian/patches/CVE-2012-4573.patch: [efd7e75]
* SECURITY UPDATE: deletion of arbitrary public and shared images via
authenticated user
- debian/patches/CVE-2012-4573.patch: adjust glance/api/v1/images.py to
ensure image is owned by user before delayed_deletion
- CVE-2012-4573