Debian Package Tracker
Register | Log in
Subscribe

nova

Choose email to subscribe with

general
  • source: nova (main)
  • version: 2:18.1.0-2
  • maintainer: Debian OpenStack [DMD]
  • uploaders: Thomas Goirand [DMD] – Michal Arbet [DMD] – gustavo panizzo [DMD]
  • arch: all
  • std-ver: 4.1.3
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 2012.1.1-18
  • oldstable: 2014.1.3-11
  • old-bpo: 2:13.1.0-2~bpo8+1
  • stable: 2:14.0.0-4+deb9u1
  • stable-sec: 2:14.0.0-4+deb9u1
  • testing: 2:18.1.0-2
  • unstable: 2:18.1.0-2
versioned links
  • 2012.1.1-18: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2014.1.3-11: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2:13.1.0-2~bpo8+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2:14.0.0-4+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2:18.1.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • nova-api
  • nova-cells
  • nova-common
  • nova-compute
  • nova-compute-ironic
  • nova-compute-kvm
  • nova-compute-lxc
  • nova-compute-qemu
  • nova-conductor
  • nova-console
  • nova-consoleauth
  • nova-consoleproxy
  • nova-doc
  • nova-placement-api
  • nova-scheduler
  • nova-volume
  • python3-nova
action needed
Marked for autoremoval on 23 March due to lxc: #921667 high
Version 2:18.1.0-2 of nova is marked for autoremoval from testing on Sat 23 Mar 2019. It depends (transitively) on lxc, affected by #921667. You should try to prevent the removal by fixing these RC bugs.
Created: 2019-02-15 Last update: 2019-02-16 01:29
Depends on packages which need a new maintainer normal
The packages that nova depends on which need a new maintainer are:
  • pastescript (#740531)
    • Depends: python3-pastescript
  • pygresql (#623685)
    • Suggests: python3-pygresql
  • python-tempita (#740534)
    • Depends: python3-tempita
Created: 2017-12-02 Last update: 2019-02-15 23:48
Fails to build during reproducibility testing normal
A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!
Created: 2018-12-20 Last update: 2019-02-15 19:34
piuparts found (un)installation error(s) normal
Piuparts stresses package installation, uninstallation, upgrade, ... While doing such tests, one or more errors were found for the following suites:
  • sid - piuparts
You should fix them.
Created: 2019-02-07 Last update: 2019-02-07 04:35
lintian reports 29 warnings normal
Lintian reports 29 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2019-01-12 Last update: 2019-01-12 05:46
Multiarch hinter reports 1 issue(s) low
There are issues with the multiarch metadata for this package.
  • nova-doc could be marked Multi-Arch: foreign
Created: 2016-09-14 Last update: 2019-02-15 23:34
1 ignored security issue in stretch low
There is 1 open security issue in stretch.
1 issue skipped by the security teams:
  • CVE-2017-18191: An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.
Please fix it.
Created: 2018-02-20 Last update: 2019-02-12 05:52
8 ignored security issues in jessie low
There are 8 open security issues in jessie.
8 issues skipped by the security teams:
  • CVE-2015-5162: The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.
  • CVE-2015-7548: OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot.
  • CVE-2015-3241: OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.
  • CVE-2015-7713: OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.
  • CVE-2017-18191: An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.
  • CVE-2015-3280: OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.
  • CVE-2016-2140: The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.
  • CVE-2015-8749: The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.
Please fix them.
Created: 2015-07-12 Last update: 2019-02-12 05:52
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 4.1.3).
Created: 2018-04-16 Last update: 2019-02-07 01:00
news
[rss feed]
  • [2019-02-12] nova 2:18.1.0-2 MIGRATED to testing (Debian testing watch)
  • [2019-02-06] Accepted nova 2:18.1.0-2 (source all) into unstable (Michal Arbet)
  • [2019-01-22] nova 2:18.1.0-1 MIGRATED to testing (Debian testing watch)
  • [2019-01-17] Accepted nova 2:18.1.0-1 (source all) into unstable (Thomas Goirand)
  • [2019-01-14] nova 2:18.0.3-5 MIGRATED to testing (Debian testing watch)
  • [2019-01-08] Accepted nova 2:18.0.3-5 (source all) into unstable (Thomas Goirand)
  • [2018-12-20] nova 2:18.0.3-4 MIGRATED to testing (Debian testing watch)
  • [2018-11-14] Accepted nova 2:18.0.3-4 (source all) into unstable (Michal Arbet)
  • [2018-11-12] Accepted nova 2:18.0.3-3 (source all) into unstable (Michal Arbet)
  • [2018-11-07] Accepted nova 2:18.0.3-2 (source all) into unstable (Michal Arbet)
  • [2018-11-06] Accepted nova 2:18.0.3-1 (source all) into unstable (Michal Arbet)
  • [2018-10-07] Accepted nova 2:18.0.1-2 (source all) into unstable (Michal Arbet) (signed by: Thomas Goirand)
  • [2018-09-25] Accepted nova 2:18.0.1-1 (source all) into unstable (Thomas Goirand)
  • [2018-09-14] nova REMOVED from testing (Debian testing watch)
  • [2018-09-05] Accepted nova 2:18.0.0-1 (source all) into unstable (Thomas Goirand)
  • [2018-08-05] nova 2:17.0.3-13 MIGRATED to testing (Debian testing watch)
  • [2018-07-30] Accepted nova 2:17.0.3-13 (source all) into unstable (Thomas Goirand)
  • [2018-06-10] nova 2:17.0.3-12 MIGRATED to testing (Debian testing watch)
  • [2018-06-05] Accepted nova 2:17.0.3-12 (source all) into unstable (Thomas Goirand)
  • [2018-06-04] Accepted nova 2:17.0.3-11 (source all) into unstable (Thomas Goirand)
  • [2018-06-04] Accepted nova 2:17.0.3-10 (source all) into unstable (Thomas Goirand)
  • [2018-05-30] nova 2:17.0.3-9 MIGRATED to testing (Debian testing watch)
  • [2018-05-25] Accepted nova 2:17.0.3-9 (source all) into unstable (Thomas Goirand)
  • [2018-05-22] Accepted nova 2:17.0.3-8 (source all) into unstable (Thomas Goirand)
  • [2018-05-22] Accepted nova 2:17.0.3-7 (source all) into unstable (Thomas Goirand)
  • [2018-05-21] nova 2:17.0.3-6 MIGRATED to testing (Debian testing watch)
  • [2018-05-16] Accepted nova 2:17.0.3-6 (source all) into unstable (Thomas Goirand)
  • [2018-05-14] Accepted nova 2:17.0.3-5 (source all) into unstable (Thomas Goirand)
  • [2018-05-10] Accepted nova 2:17.0.3-4 (source all) into unstable (Thomas Goirand)
  • [2018-05-07] Accepted nova 2:17.0.3-3 (source all) into unstable (Thomas Goirand)
  • 1
  • 2
bugs [bug history graph]
  • all: 2
  • RC: 0
  • I&N: 2
  • M&W: 0
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (0, 29)
  • buildd: logs, clang, reproducibility
  • popcon
  • browse source code
  • edit tags
  • security tracker
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 2:19.0.0~b1~git2019013113.33aad0fe41-0ubuntu1
  • 31 bugs (4 patches)
  • patches for 2:19.0.0~b1~git2019013113.33aad0fe41-0ubuntu1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing