Debian Package Tracker

general

source: nova (main)
version: 2:19.0.2-4
maintainer: Debian OpenStack (DMD)
uploaders: Thomas Goirand [DMD] – gustavo panizzo [DMD] – Michal Arbet [DMD]
arch: all
std-ver: 4.4.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2014.1.3-11
oldstable: 2:14.0.0-4+deb9u1
old-sec: 2:14.0.0-4+deb9u1
stable: 2:18.1.0-6
testing: 2:19.0.2-4
unstable: 2:19.0.2-4
exp: 2:20.0.0-1

versioned links

2014.1.3-11: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:14.0.0-4+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:18.1.0-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:19.0.2-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:20.0.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

nova-api
nova-cells
nova-common
nova-compute
nova-compute-ironic
nova-compute-kvm
nova-compute-lxc
nova-compute-qemu
nova-conductor
nova-console
nova-consoleauth
nova-consoleproxy
nova-doc
nova-placement-api
nova-scheduler
nova-volume
python3-nova

action needed

Marked for autoremoval on 14 November due to actdiag, blockdiag, libmatheval, python-googleapi, seqdiag, sphinxcontrib-actdiag, uwsgi: #885212, #935562, #936106, #936219, #938466, #938530, #941432 high

Version 2:19.0.2-4 of nova is marked for autoremoval from testing on Thu 14 Nov 2019. It depends (transitively) on actdiag, blockdiag, libmatheval, python-googleapi, seqdiag, sphinxcontrib-actdiag, uwsgi, affected by #885212, #935562, #936106, #936219, #938466, #938530, #941432. You should try to prevent the removal by fixing these RC bugs.

Created: 2019-10-15 Last update: 2019-10-22 14:40

A new upstream version is available: 20.0.0 high

A new upstream version 20.0.0 is available, you should consider packaging it.

Created: 2019-10-07 Last update: 2019-10-22 08:46

Depends on packages which need a new maintainer normal

The packages that nova depends on which need a new maintainer are:

pastescript (#740531)
- Depends: python3-pastescript python3-pastescript
pygresql (#623685)
- Suggests: python3-pygresql

Created: 2017-12-02 Last update: 2019-10-22 13:19

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2019-10-17 Last update: 2019-10-22 08:49

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 2:20.0.0-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 271354d9d5768104aa7009ed3b249721c51aa170
Author: Ondřej Nový <onovy@debian.org>
Date:   Fri Oct 18 16:32:28 2019 +0200

    Bump Standards-Version to 4.4.1

commit 02505c3dbb3610d0921f15463f0f8f3789346c83
Author: Ondřej Nový <onovy@debian.org>
Date:   Fri Oct 18 16:32:28 2019 +0200

    Run wrap-and-sort -bastk

Created: 2019-10-18 Last update: 2019-10-18 15:51

lintian reports 59 warnings normal

Lintian reports 59 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-08-21 Last update: 2019-09-30 01:17

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

nova-doc could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2019-10-22 08:52

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2019-14433: An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.

Please fix it.

Created: 2019-08-07 Last update: 2019-10-21 00:30

9 ignored security issues in jessie low

There are 9 open security issues in jessie.

9 issues skipped by the security teams:

CVE-2015-3280: OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.
CVE-2015-3241: OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.
CVE-2017-18191: An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.
CVE-2015-7548: OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot.
CVE-2016-2140: The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.
CVE-2015-5162: The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.
CVE-2019-14433: An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.
CVE-2015-8749: The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.
CVE-2015-7713: OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.

Please fix them.

Created: 2015-07-12 Last update: 2019-10-21 00:30

2 ignored security issues in stretch low

There are 2 open security issues in stretch.

2 issues skipped by the security teams:

CVE-2017-18191: An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.
CVE-2019-14433: An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.

Please fix them.

Created: 2018-02-20 Last update: 2019-10-21 00:30

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.1 instead of 4.4.0).

Created: 2019-09-29 Last update: 2019-09-29 23:39

news

[rss feed]

[2019-10-16] Accepted nova 2:20.0.0-1 (source) into experimental (Michal Arbet)
[2019-10-15] nova 2:19.0.2-4 MIGRATED to testing (Debian testing watch)
[2019-10-09] Accepted nova 2:20.0.0~rc1-3 (source) into experimental (Thomas Goirand)
[2019-09-30] Accepted nova 2:20.0.0~rc1-2 (source) into experimental (Thomas Goirand)
[2019-09-28] Accepted nova 2:20.0.0~rc1-1 (source all) into experimental (Thomas Goirand)
[2019-09-13] Accepted nova 2:19.0.2-4 (source) into unstable (Thomas Goirand)
[2019-09-07] nova REMOVED from testing (Debian testing watch)
[2019-09-04] Accepted nova 2:19.0.2-3 (source) into unstable (Thomas Goirand)
[2019-09-02] nova 2:19.0.2-2 MIGRATED to testing (Debian testing watch)
[2019-08-27] Accepted nova 2:19.0.2-2 (source) into unstable (Thomas Goirand)
[2019-08-15] Accepted nova 2:19.0.2-1 (source all) into unstable (Michal Arbet)
[2019-08-07] Accepted nova 2:19.0.1-1 (source all) into unstable (Michal Arbet)
[2019-07-17] Accepted nova 2:19.0.0-4 (source) into unstable (Thomas Goirand)
[2019-06-12] nova 2:18.1.0-6 MIGRATED to testing (Debian testing watch)
[2019-05-29] Accepted nova 2:18.1.0-6 (source all) into unstable (Thomas Goirand)
[2019-05-29] Accepted nova 2:19.0.0-3 (source all) into experimental (Thomas Goirand)
[2019-05-07] Accepted nova 2:19.0.0-2 (source all) into experimental (Michal Arbet)
[2019-04-11] Accepted nova 2:19.0.0-1 (source all) into experimental (Thomas Goirand)
[2019-03-29] Accepted nova 2:19.0.0~rc1-1 (source all) into experimental (Thomas Goirand)
[2019-03-07] Accepted nova 2:18.1.0-5 (source all) into unstable (Thomas Goirand)
[2019-03-01] Accepted nova 2:18.1.0-4 (source all) into unstable (Thomas Goirand)
[2019-02-12] nova 2:18.1.0-2 MIGRATED to testing (Debian testing watch)
[2019-02-06] Accepted nova 2:18.1.0-2 (source all) into unstable (Michal Arbet)
[2019-01-22] nova 2:18.1.0-1 MIGRATED to testing (Debian testing watch)
[2019-01-17] Accepted nova 2:18.1.0-1 (source all) into unstable (Thomas Goirand)
[2019-01-14] nova 2:18.0.3-5 MIGRATED to testing (Debian testing watch)
[2019-01-08] Accepted nova 2:18.0.3-5 (source all) into unstable (Thomas Goirand)
[2018-12-20] nova 2:18.0.3-4 MIGRATED to testing (Debian testing watch)
[2018-11-14] Accepted nova 2:18.0.3-4 (source all) into unstable (Michal Arbet)
[2018-11-12] Accepted nova 2:18.0.3-3 (source all) into unstable (Michal Arbet)

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 59)
buildd: logs, exp, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2:20.0.0-0ubuntu1
37 bugs (3 patches)
patches for 2:20.0.0-0ubuntu1