Debian Package Tracker

general

source: glance (main)
version: 2:16.0.1-3
maintainer: Debian OpenStack (archive) [DMD]
uploaders: Thomas Goirand [DMD]
arch: all
std-ver: 4.1.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2012.1.1-5
oldstable: 2014.1.3-12+deb8u1
old-bpo: 2:12.0.0-3~bpo8+1
stable: 2:13.0.0-4
testing: 2:16.0.1-2
unstable: 2:16.0.1-3

versioned links

2012.1.1-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2014.1.3-12+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:12.0.0-3~bpo8+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:13.0.0-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:16.0.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:16.0.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

glance
glance-api
glance-common
glance-doc
glance-registry
python3-glance

action needed

Marked for autoremoval on 14 June due to uwsgi: #894363, #894624, #897097 high

Version 2:16.0.1-2 of glance is marked for autoremoval from testing on Thu 14 Jun 2018. It depends (transitively) on uwsgi, affected by #894363, #894624, #897097. You should try to prevent the removal by fixing these RC bugs.

Created: 2018-05-08 Last update: 2018-05-21 20:06

A new upstream version is available: 2011.2 high

A new upstream version 2011.2 is available, you should consider packaging it.

Created: 2018-02-14 Last update: 2018-05-21 19:57

Depends on packages which need a new maintainer normal

The packages that glance depends on which need a new maintainer are:

pastescript (#740531)
- Depends: python3-pastescript

Created: 2018-05-03 Last update: 2018-05-21 20:03

4 new commits since last upload, time to release an update? normal

vcswatch reports that this package seems to have new commits in its VCS. You should consider updating the debian/changelog and uploading this new version into the archive.

Created: 2018-05-11 Last update: 2018-05-21 01:56

lintian reports 8 warnings normal

Lintian reports 8 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2018-04-12 Last update: 2018-04-12 07:51

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

glance-doc could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2018-05-21 20:10

3 ignored security issues in wheezy low

There are 3 open security issues in wheezy.

3 issues skipped by the security teams:

CVE-2015-5251: OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.
CVE-2016-0757: OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image.
CVE-2014-9623: OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.

Please fix them.

Created: 2017-12-30 Last update: 2018-05-21 01:44

3 ignored security issues in jessie low

There are 3 open security issues in jessie.

3 issues skipped by the security teams:

CVE-2017-7200: An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.
CVE-2016-0757: OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image.
CVE-2015-5162: The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.

Please fix them.

Created: 2016-02-04 Last update: 2018-05-21 01:44

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.1.4 instead of 4.1.3).

Created: 2018-04-16 Last update: 2018-05-21 01:19

testing migrations

excuses:
- Too young, only 1 of 5 days old
- Piuparts tested OK - https://piuparts.debian.org/sid/source/g/glance.html
- Not considered

news

[rss feed]

[2018-05-20] Accepted glance 2:16.0.1-3 (source all) into unstable (Thomas Goirand)
[2018-05-13] glance 2:16.0.1-2 MIGRATED to testing (Debian testing watch)
[2018-05-08] Accepted glance 2:16.0.1-2 (source all) into unstable (Thomas Goirand)
[2018-05-08] glance 2:16.0.1-1 MIGRATED to testing (Debian testing watch)
[2018-05-02] Accepted glance 2:16.0.1-1 (source all) into unstable (Thomas Goirand)
[2018-04-01] glance 2:16.0.0-4 MIGRATED to testing (Debian testing watch)
[2018-03-26] Accepted glance 2:16.0.0-4 (source all) into unstable (Thomas Goirand)
[2018-03-15] glance 2:16.0.0-3 MIGRATED to testing (Debian testing watch)
[2018-03-09] Accepted glance 2:16.0.0-3 (source all) into unstable (Thomas Goirand)
[2018-03-07] Accepted glance 2:16.0.0-2 (source all) into unstable (Thomas Goirand)
[2018-03-06] glance 2:16.0.0-1 MIGRATED to testing (Debian testing watch)
[2018-02-28] Accepted glance 2:16.0.0-1 (source all) into unstable (Thomas Goirand)
[2018-02-26] Accepted glance 2:16.0.0~rc1-1 (source all) into experimental, experimental (Thomas Goirand)
[2018-02-15] glance 2:15.0.0-7 MIGRATED to testing (Debian testing watch)
[2018-02-10] Accepted glance 2:15.0.0-7 (source all) into unstable (Thomas Goirand)
[2017-12-19] glance 2:15.0.0-6 MIGRATED to testing (Debian testing watch)
[2017-12-14] Accepted glance 2:15.0.0-6 (source all) into unstable (Thomas Goirand)
[2017-12-13] Accepted glance 2:15.0.0-5 (source all) into unstable (Thomas Goirand)
[2017-12-13] Accepted glance 2:15.0.0-4 (source all) into unstable (Thomas Goirand)
[2017-12-07] glance 2:15.0.0-3 MIGRATED to testing (Debian testing watch)
[2017-12-01] Accepted glance 2:15.0.0-3 (source all) into unstable (Thomas Goirand)
[2017-11-10] glance 2:15.0.0-2 MIGRATED to testing (Debian testing watch)
[2017-11-02] Accepted glance 2:15.0.0-2 (source all) into unstable (Thomas Goirand)
[2017-10-07] Accepted glance 2:15.0.0-1 (source all) into experimental (Thomas Goirand)
[2017-08-21] glance REMOVED from testing (Debian testing watch)
[2017-04-05] glance 2:13.0.0-4 MIGRATED to testing (Debian testing watch)
[2017-04-02] Accepted glance 2:13.0.0-4 (source all) into unstable (David Rabel) (signed by: Thomas Goirand)
[2017-03-24] glance 2:13.0.0-3 MIGRATED to testing (Debian testing watch)
[2017-03-18] Accepted glance 2:13.0.0-3 (source all) into unstable (David Rabel) (signed by: Ondřej Nový)
[2017-01-31] glance 2:13.0.0-2 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0

links

homepage
lintian (0, 8)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2:17.0.0~b1-0ubuntu1
4 bugs (1 patch)
patches for 2:17.0.0~b1-0ubuntu1