+ceilometer (2013.2-4) unstable; urgency=low
+
+ * CVE-2013-6384: applied upstream patch mongodb, db2: do not print full
+ URL in logs (Closes: #730227).
+
+ -- Thomas Goirand <zigo@debian.org> Wed, 04 Dec 2013 19:41:05 +0800
+
ceilometer (2013.2-3) unstable; urgency=medium
* Added missing (build-)depends: python-six (>= 1.4.1).
--- /dev/null
+Description: mongodb, db2: do not print full URL in logs
+ The full URL used to connect to MongoDB or DB2 might contains sensitive
+ information such as username and password, so it's better to not print it at
+ all. Instead, just print the hosts that are being connected to.
+Author: Julien Danjou <julien@danjou.info>
+Date: Wed, 30 Oct 2013 14:49:33 +0000 (+0100)
+Origin: upstream, https://review.openstack.org/#/c/56396/
+X-Git-Url: https://review.openstack.org/gitweb?p=openstack%2Fceilometer.git;a=commitdiff_plain;h=ef6c659588feff646343fd80ba3d420d9c06404b
+Bug-Ubuntu: Bug-Ubuntu: https://launchpad.net/bugs/1244476
+Bug-Debian: Bug-Debian: http://bugs.debian.org/730227
+
+diff --git a/ceilometer/storage/impl_db2.py b/ceilometer/storage/impl_db2.py
+index b44f424..5a72c1c 100644
+--- a/ceilometer/storage/impl_db2.py
++++ b/ceilometer/storage/impl_db2.py
+@@ -153,7 +153,8 @@ class ConnectionPool(object):
+ client = self._pool.get(pool_key)()
+ if client:
+ return client
+- LOG.info('connecting to MongoDB on %s', url)
++ LOG.info(_('Connecting to DB2 on %s'),
++ connection_options['nodelist'])
+ client = pymongo.MongoClient(
+ url,
+ safe=True)
+diff --git a/ceilometer/storage/impl_mongodb.py b/ceilometer/storage/impl_mongodb.py
+index 9ca881c..9640ebe 100644
+--- a/ceilometer/storage/impl_mongodb.py
++++ b/ceilometer/storage/impl_mongodb.py
+@@ -155,7 +155,8 @@ class ConnectionPool(object):
+ client = self._pool.get(pool_key)()
+ if client:
+ return client
+- LOG.info('connecting to MongoDB on %s', url)
++ LOG.info(_('Connecting to MongoDB on %s'),
++ connection_options['nodelist'])
+ client = pymongo.MongoClient(
+ url,
+ safe=True)