Debian Package Tracker

general

source: glance (main)
version: 2:17.0.0-3
maintainer: Debian OpenStack [DMD]
uploaders: Thomas Goirand [DMD]
arch: all
std-ver: 4.1.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2012.1.1-5
oldstable: 2014.1.3-12+deb8u1
old-bpo: 2:12.0.0-3~bpo8+1
stable: 2:13.0.0-4
testing: 2:17.0.0-3
unstable: 2:17.0.0-3

versioned links

2012.1.1-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2014.1.3-12+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:12.0.0-3~bpo8+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:13.0.0-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:17.0.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

glance
glance-api
glance-common
glance-doc
glance-registry
python3-glance

action needed

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2018-09-12 Last update: 2019-02-17 12:10

Depends on packages which need a new maintainer normal

The packages that glance depends on which need a new maintainer are:

pastescript (#740531)
- Depends: python3-pastescript

Created: 2018-05-03 Last update: 2019-02-17 12:08

2 new commits since last upload, time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 2:17.0.0-4.1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit cc5b97d1b40d8aac2e09468b986ee600f188a631
Merge: 46e3d44f 0c8640d2
Author: Michal Arbet <michal.arbet@ultimum.io>
Date:   Mon Feb 4 10:27:53 2019 +0000

    Merge branch 'debian/rocky' into 'debian/rocky'
    
    Updated watch file to get rid of 2011.2 upstream tag
    
    See merge request openstack-team/services/glance!1

commit 0c8640d26b50c011e0243c7b294a23407721a15b
Author: Marcin Juszkiewicz <marcin@juszkiewicz.com.pl>
Date:   Tue Jan 15 12:06:32 2019 +0100

    Updated watch file to get rid of 2011.2 upstream tag

Created: 2018-11-13 Last update: 2019-02-17 02:28

lintian reports 8 warnings normal

Lintian reports 8 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2018-04-12 Last update: 2018-11-06 08:32

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

glance-doc could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2019-02-17 08:42

3 ignored security issues in jessie low

There are 3 open security issues in jessie.

3 issues skipped by the security teams:

CVE-2015-5162: The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.
CVE-2017-7200: An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.
CVE-2016-0757: OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image.

Please fix them.

Created: 2016-02-04 Last update: 2018-11-11 10:11

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 4.1.3).

Created: 2018-04-16 Last update: 2018-12-23 17:15

news

[rss feed]

[2018-11-11] glance 2:17.0.0-3 MIGRATED to testing (Debian testing watch)
[2018-11-05] Accepted glance 2:17.0.0-3 (source all) into unstable (Thomas Goirand)
[2018-09-23] glance 2:17.0.0-2 MIGRATED to testing (Debian testing watch)
[2018-09-18] Accepted glance 2:17.0.0-2 (source all) into unstable (Michal Arbet) (signed by: Thomas Goirand)
[2018-09-12] glance 2:17.0.0-1 MIGRATED to testing (Debian testing watch)
[2018-09-05] Accepted glance 2:17.0.0-1 (source all) into unstable (Thomas Goirand)
[2018-08-23] Accepted glance 2:17.0.0~rc2-1 (source all) into experimental (Thomas Goirand)
[2018-08-22] glance 2:16.0.1-8 MIGRATED to testing (Debian testing watch)
[2018-08-17] Accepted glance 2:16.0.1-8 (source all) into unstable (Thomas Goirand)
[2018-08-08] glance 2:16.0.1-7 MIGRATED to testing (Debian testing watch)
[2018-08-02] Accepted glance 2:16.0.1-7 (source all) into unstable (Thomas Goirand)
[2018-05-30] glance 2:16.0.1-6 MIGRATED to testing (Debian testing watch)
[2018-05-25] Accepted glance 2:16.0.1-6 (source all) into unstable (Thomas Goirand)
[2018-05-23] Accepted glance 2:16.0.1-5 (source all) into unstable (Michal Arbet) (signed by: Thomas Goirand)
[2018-05-22] Accepted glance 2:16.0.1-4 (source all) into unstable (Thomas Goirand)
[2018-05-20] Accepted glance 2:16.0.1-3 (source all) into unstable (Thomas Goirand)
[2018-05-13] glance 2:16.0.1-2 MIGRATED to testing (Debian testing watch)
[2018-05-08] Accepted glance 2:16.0.1-2 (source all) into unstable (Thomas Goirand)
[2018-05-08] glance 2:16.0.1-1 MIGRATED to testing (Debian testing watch)
[2018-05-02] Accepted glance 2:16.0.1-1 (source all) into unstable (Thomas Goirand)
[2018-04-01] glance 2:16.0.0-4 MIGRATED to testing (Debian testing watch)
[2018-03-26] Accepted glance 2:16.0.0-4 (source all) into unstable (Thomas Goirand)
[2018-03-15] glance 2:16.0.0-3 MIGRATED to testing (Debian testing watch)
[2018-03-09] Accepted glance 2:16.0.0-3 (source all) into unstable (Thomas Goirand)
[2018-03-07] Accepted glance 2:16.0.0-2 (source all) into unstable (Thomas Goirand)
[2018-03-06] glance 2:16.0.0-1 MIGRATED to testing (Debian testing watch)
[2018-02-28] Accepted glance 2:16.0.0-1 (source all) into unstable (Thomas Goirand)
[2018-02-26] Accepted glance 2:16.0.0~rc1-1 (source all) into experimental, experimental (Thomas Goirand)
[2018-02-15] glance 2:15.0.0-7 MIGRATED to testing (Debian testing watch)
[2018-02-10] Accepted glance 2:15.0.0-7 (source all) into unstable (Thomas Goirand)

bugs [bug history graph]

all: 0

links

homepage
lintian (0, 8)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2:18.0.0~b1~git2019013051.034a4837-0ubuntu1
4 bugs (1 patch)
patches for 2:18.0.0~b1~git2019013051.034a4837-0ubuntu1