Your message dated Fri, 14 Feb 2014 07:03:53 +0000
with message-id <e1wecot-0007ic...@franck.debian.org>
and subject line Bug#736465: fixed in nova 2013.2.2-1
has caused the Debian Bug report #736465,
regarding nova: CVE-2013-7130: Live migration can leak root disk into ephemeral
storage
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
736465: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736465
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: nova
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for nova.
CVE-2013-7130[0,1]:
Live migration can leak root disk into ephemeral storage
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7130
http://security-tracker.debian.org/tracker/CVE-2013-7130
[1] https://bugs.launchpad.net/nova/+bug/1251590
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: nova
Source-Version: 2013.2.2-1
We believe that the bug you reported is fixed in the latest version of
nova, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 736...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated nova package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 14 Feb 2014 13:53:10 +0800
Source: nova
Binary: python-nova nova-common nova-compute nova-compute-lxc nova-compute-uml
nova-compute-qemu nova-compute-kvm nova-conductor nova-cert nova-scheduler
nova-volume nova-api nova-network nova-console nova-consoleauth nova-doc
nova-cells nova-baremetal nova-consoleproxy
Architecture: source all
Version: 2013.2.2-1
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <openstack-de...@lists.alioth.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description:
nova-api - OpenStack Compute - compute API frontend
nova-baremetal - Openstack Compute - baremetal virt
nova-cells - Openstack Compute - cells
nova-cert - OpenStack Compute - certificate manager
nova-common - OpenStack Compute - common files
nova-compute - OpenStack Compute - compute node
nova-compute-kvm - OpenStack Compute - compute node (KVM)
nova-compute-lxc - OpenStack Compute - compute node (LXC)
nova-compute-qemu - OpenStack Compute - compute node (QEmu)
nova-compute-uml - OpenStack Compute - compute node (UserModeLinux)
nova-conductor - OpenStack Compute - conductor service
nova-console - OpenStack Compute - console
nova-consoleauth - OpenStack Compute - Console Authenticator
nova-consoleproxy - OpenStack Compute - NoVNC proxy
nova-doc - OpenStack Compute - documentation
nova-network - OpenStack Compute - network manager
nova-scheduler - OpenStack Compute - virtual machine scheduler
nova-volume - OpenStack Compute - storage metapackage
python-nova - OpenStack Compute - libraries
Closes: 736465 736926
Changes:
nova (2013.2.2-1) unstable; urgency=high
.
[ Thomas Goirand ]
* New upstream point release (Closes: #736926, #736465).
* Added gustavo panizzo <g...@zumbi.com.ar> as uploader.
* Standards-Version: is now 3.9.5.
* Refreshed Ceph backport patch.
.
[ gustavo panizzo ]
* nova-manage db sync failure is not fatal in nova-common.postinst
Checksums-Sha1:
2aa487e66b431a25d7c6b3272776ae55d96919b0 4572 nova_2013.2.2-1.dsc
cc7f0c374a81bca75856117fe1ea2c88ea34d678 2881912 nova_2013.2.2.orig.tar.xz
ea29bc9c8060f9cc127be339d8734ab396e7a69d 73768 nova_2013.2.2-1.debian.tar.xz
a5cb4f8bb204e509f88d838c55bdbd99a67faa6a 1649632 python-nova_2013.2.2-1_all.deb
eb7b608770bc01538404aaf89daad659b6b24e11 49986 nova-common_2013.2.2-1_all.deb
05bfc918ffad186eb4ca873e8795f77a3a125dad 19530 nova-compute_2013.2.2-1_all.deb
0aa8a7641cceacf23104804bdef1a13397633f11 15006
nova-compute-lxc_2013.2.2-1_all.deb
971cf54fe531123eb602d82b2ab2531e6d1aae9c 15022
nova-compute-uml_2013.2.2-1_all.deb
6e2d8c5f7493a888fff3d7d4e3b23aaf74a042f3 15014
nova-compute-qemu_2013.2.2-1_all.deb
df73bb0a82520d199cefe486b6bcec5657397c61 15096
nova-compute-kvm_2013.2.2-1_all.deb
1a2e906a55b5b49ea6800114aaf5212f58d459aa 17218
nova-conductor_2013.2.2-1_all.deb
11638b13f11fe5b8155faf2d369a786e3dff175c 17332 nova-cert_2013.2.2-1_all.deb
bf641ae15ae422a6b334076cbf966f61b29d25e2 18320
nova-scheduler_2013.2.2-1_all.deb
caccdff778496cccfbb8cf534430fc1e71ec7092 14624 nova-volume_2013.2.2-1_all.deb
e34805a33a0d318899914413bf3fcd4ef1dba003 33664 nova-api_2013.2.2-1_all.deb
97445cded6f6cfe37299fad11ebedc7d9aa1bd9f 19330 nova-network_2013.2.2-1_all.deb
cad7a4302e95be229f17cc5ae86e2dd245bd5ad4 17354 nova-console_2013.2.2-1_all.deb
3a3fc062e122c2d5bd8b6da182c83d5b0c430731 17340
nova-consoleauth_2013.2.2-1_all.deb
abadcbe25210388aef4a34241019fc626cf7f1bb 1290918 nova-doc_2013.2.2-1_all.deb
d603ddd838cd48b16da3ed058ab0019488d4eae6 16332 nova-cells_2013.2.2-1_all.deb
bea63eb1f423d66d007fc8e3151347bd1d31e710 16674
nova-baremetal_2013.2.2-1_all.deb
00df31c665966e6d8d4dc2f45c03ef830e9d3c1e 22420
nova-consoleproxy_2013.2.2-1_all.deb
Checksums-Sha256:
999f4ca8809b0244971b5189f7a80593607155856b71704c5e14fa57b9782e6e 4572
nova_2013.2.2-1.dsc
1d35ea0f06e8fe2ca0feace2528443fa733847c05e1fb52e94b255433a7b82be 2881912
nova_2013.2.2.orig.tar.xz
7eddeffdd4a1b19a2937b36d65cdda61e528455dc9e22d2b9c16145e4d9ef23c 73768
nova_2013.2.2-1.debian.tar.xz
24d88b472bcd3617fdca3e33463a486a35b94a874b36eb8d87c0d82179f8ab5b 1649632
python-nova_2013.2.2-1_all.deb
9fcbdf743762774d6a668a17cd9d4b52106305fc48a948ebb9c8f2bb4d99e3ca 49986
nova-common_2013.2.2-1_all.deb
32467044e92c547b2615283dd828e8a082d5881ce83276f3e0b54aa7e4d81042 19530
nova-compute_2013.2.2-1_all.deb
0b6c1078d17fb255e63253f0753c4abc69d520c9e5c2f4fa7896d30a85c390c3 15006
nova-compute-lxc_2013.2.2-1_all.deb
bfcb1ded421a81d9a1c73c2a176cfe921ae1c65781f6c22eda744b2d285256a8 15022
nova-compute-uml_2013.2.2-1_all.deb
a1ead1a0f3e2b723ae8f7ead6bc80cb2c0d733fb8fc1eabc0a6b1eb7c633eeea 15014
nova-compute-qemu_2013.2.2-1_all.deb
872f6a62e54656bebb333a8502a621310bf756c10800c8b72dd869b604017b0a 15096
nova-compute-kvm_2013.2.2-1_all.deb
21ebe701b8e0bd4840a2a22994f848571743bc6d85fe0ab5bab9c51165dbb9a4 17218
nova-conductor_2013.2.2-1_all.deb
d4e54315ce836975ec3e5a806e0368b325d0423ab7e309bedd840d8dee46fb5a 17332
nova-cert_2013.2.2-1_all.deb
b5c38c65e652067832eefb1de68f4eab5eb4681bcdffea99ecb25f7a427cef2f 18320
nova-scheduler_2013.2.2-1_all.deb
10357fb83e19435e1d3a83e845b35b738f788b2683687daf6e9b657718fdd34a 14624
nova-volume_2013.2.2-1_all.deb
cab51c20b5dde95cfa407bea38dab523f74ba872214f9e918f24427fd16c2294 33664
nova-api_2013.2.2-1_all.deb
801d6dfd27496d3e07de115d24bca58c3d4ecfbc6941357db466b41f157069d6 19330
nova-network_2013.2.2-1_all.deb
533bc2b352dfcd4d1a751763eb071557b6d06d2c9110db259f5eb135c7cdce64 17354
nova-console_2013.2.2-1_all.deb
f2dceb14cf51db4912a5543874fe7019294c6f2224e215f88fc3bf1ca80a25d5 17340
nova-consoleauth_2013.2.2-1_all.deb
9ba9a1dbc63b356d77ba39f85507486c55c738096ea49dd7a2deb67e7a48c33a 1290918
nova-doc_2013.2.2-1_all.deb
3ec65134715a0c8b130ef7ccfd3fe805e571105fc05a468c0778e809c1fb9b38 16332
nova-cells_2013.2.2-1_all.deb
108ae508ff02fa9e7dff53ba1950621bb355d64c7fd524e389a53c1e1442916e 16674
nova-baremetal_2013.2.2-1_all.deb
5bc05301aaeb6d876503b7966855b6631e093a545ee963e5b2627d6509f83d85 22420
nova-consoleproxy_2013.2.2-1_all.deb
Files:
f6ef88c897dc2340f4a8c5328ec7a8c2 4572 net extra nova_2013.2.2-1.dsc
7c5b0ab0ffbdd7d844b61730aa2478df 2881912 net extra nova_2013.2.2.orig.tar.xz
f50af73c0d476c76f3eb7f7f80a3adf5 73768 net extra nova_2013.2.2-1.debian.tar.xz
52732c2d3e4dc42dde003780405f5289 1649632 python extra
python-nova_2013.2.2-1_all.deb
38cb117f704c8b6056dd77b68d88659b 49986 net extra nova-common_2013.2.2-1_all.deb
8da517a926025bf6dbbfcac5cb9c3940 19530 net extra
nova-compute_2013.2.2-1_all.deb
cadcb9c24dd178c3cbd7de845e6b4ec3 15006 net extra
nova-compute-lxc_2013.2.2-1_all.deb
452dac7b4f1b8f4aa8e3eecc9abe68b0 15022 net extra
nova-compute-uml_2013.2.2-1_all.deb
726f4f6373dbb939442e7fa98c7e782f 15014 net extra
nova-compute-qemu_2013.2.2-1_all.deb
5c9c15ac34ab14097cee604d899b9b7c 15096 net extra
nova-compute-kvm_2013.2.2-1_all.deb
bfcf93c769e36918773b15d6fb3a2d57 17218 net extra
nova-conductor_2013.2.2-1_all.deb
a5749ae8aaea0f4f088fd242733fa3f1 17332 net extra nova-cert_2013.2.2-1_all.deb
fb57285b9c11bc40fc0c283ffc401028 18320 net extra
nova-scheduler_2013.2.2-1_all.deb
89de5c9c91fcb071610f842c11850f57 14624 oldlibs extra
nova-volume_2013.2.2-1_all.deb
4be159c04db9ab3edc26bcb0cff6639f 33664 net extra nova-api_2013.2.2-1_all.deb
879d0f44ba9e192b3c284bd0755c7c5e 19330 net extra
nova-network_2013.2.2-1_all.deb
889d528f8b8590d1368d8c5512c3007f 17354 net extra
nova-console_2013.2.2-1_all.deb
674ebb17773c6303fe8a35eec05e0d2e 17340 net extra
nova-consoleauth_2013.2.2-1_all.deb
8ac19681cf70c3b62054610d602e4fdc 1290918 doc extra nova-doc_2013.2.2-1_all.deb
ed14ea0a96112a70db6e8380d9d78be9 16332 net extra nova-cells_2013.2.2-1_all.deb
db81da71004432f69976b053f6423804 16674 net extra
nova-baremetal_2013.2.2-1_all.deb
e6c2d53f9c785b1c3ab0186be91a33f2 22420 net extra
nova-consoleproxy_2013.2.2-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJS/b0lAAoJENQWrRWsa0P+ixMP/R40LXuEgLmBv6vOAoLmmc7W
nIBzoCnQcLclzNFHpEXjiRkLH4sxXywCIqnbkNYNa6P0itPGdbN6LRtj6jXq04Cz
C7eGnnktRvxzUyLrsAX28Skstb0oOATcogFF1Obij9uNpVi/i0kA24R+hd8rD87v
y1A/3GiipqFR/lbvSKql1e8p7NwOtzWc6YTeEGrMeZMjKwSR/sSJEKPcE/3FrOqL
31934E1AZdkCk2xKe4dmzYgdfulZcU3YJHe0UU1jwEB+SqiHulEZrXfi0O2XARy+
fMtuP1wiOw6mxCV+Bbj1VPuRLQ8kmbabsjG33pV0cZ4fMSjzs9xpsvPtyyogovuB
3W72V0ZAfvZBvOlTNNgNujnHyr9aD2X9d1sYlGOKaeYU3h+QIzgZZplWLLqVRIXJ
wIJHUm+JvrWK682u/0NCuCN5N0Od9+rdFVrS8N92SAcdfzIi/V0NH4qQUj7ZrgPp
oNwPDPf5kNsntBJ78ww8W4xTnKDjbc42pRRmC0l9BH2znUtEdduRDy4p2YMomJTZ
OFTQVfcC8lmBpflW5E7eViSh1vZxXpVIjgHFpckmwQXtLUCJmXigKztvkffIsFT0
GThxaOjFtjO0b4nylzmvdcWwJC7Kqi/nbojQSktdaQLkK0xLkk8QiAW34Z7QyQWQ
yfnyXbd0DWNMzwI3uTJW
=6Y7a
-----END PGP SIGNATURE-----
--- End Message ---
