[ubuntu/groovy-proposed] cinder 2:17.0.0~b1~git2020062409.85fcf1057-0ubuntu1 (Accepted)

Corey Bryant corey.bryant at canonical.com
Wed Jun 24 20:21:13 UTC 2020 

cinder (2:17.0.0~b1~git2020062409.85fcf1057-0ubuntu1) groovy; urgency=medium

  * SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
    (LP: #1823200)
    - Remove VxFlex OS credentials from connection_properties. Passwords are
      now stored in separate file and are retrieved during each attach/detach
      operation. Cinder is patched in 16.1.0 stable point release.
    - d/control: Align (Build-)Depends with min version of python3-os-brick
      required to fix credential exposure.
    - CVE-2020-10755
  * New upstream snapshot for OpenStack Victoria.
  * d/control: Align (Build-)Depends with upstream.
  * d/p/py38skip.patch: Dropped. No longer needed.
  * d/p/skip-victoria-failures.patch: Rebased and updated with upstream bug.

Date: Wed, 24 Jun 2020 09:10:19 -0400
Changed-By: Corey Bryant <corey.bryant at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/cinder/2:17.0.0~b1~git2020062409.85fcf1057-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 24 Jun 2020 09:10:19 -0400
Source: cinder
Architecture: source
Version: 2:17.0.0~b1~git2020062409.85fcf1057-0ubuntu1
Distribution: groovy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Corey Bryant <corey.bryant at canonical.com>
Launchpad-Bugs-Fixed: 1823200
Changes:
 cinder (2:17.0.0~b1~git2020062409.85fcf1057-0ubuntu1) groovy; urgency=medium
 .
   * SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
     (LP: #1823200)
     - Remove VxFlex OS credentials from connection_properties. Passwords are
       now stored in separate file and are retrieved during each attach/detach
       operation. Cinder is patched in 16.1.0 stable point release.
     - d/control: Align (Build-)Depends with min version of python3-os-brick
       required to fix credential exposure.
     - CVE-2020-10755
   * New upstream snapshot for OpenStack Victoria.
   * d/control: Align (Build-)Depends with upstream.
   * d/p/py38skip.patch: Dropped. No longer needed.
   * d/p/skip-victoria-failures.patch: Rebased and updated with upstream bug.
Checksums-Sha1:
 2513ea2a5765c49cdb7f8d37ad50e1de79992de4 5242 cinder_17.0.0~b1~git2020062409.85fcf1057-0ubuntu1.dsc
 d427aa232330c84313dbed942f09d7e07b74fbba 5587594 cinder_17.0.0~b1~git2020062409.85fcf1057.orig.tar.gz
 8fff303cc48c6a742d1f32caeecadc145431ceb6 17972 cinder_17.0.0~b1~git2020062409.85fcf1057-0ubuntu1.debian.tar.xz
 41f92aac5220ae63dcdab31f0d125edd3e117f1e 8705 cinder_17.0.0~b1~git2020062409.85fcf1057-0ubuntu1_source.buildinfo
Checksums-Sha256:
 5446a53d6ae5a12cd0eb80a389c74ecc5ce453194ba5fd8149e2719d1564387e 5242 cinder_17.0.0~b1~git2020062409.85fcf1057-0ubuntu1.dsc
 fe26f814cb5840ad17a7679937dcbe4219ab685fe24569cbff21b92d78e88cbb 5587594 cinder_17.0.0~b1~git2020062409.85fcf1057.orig.tar.gz
 12505386c229282c0a921094e7af36d5dd6e3ad1a2f004f4424c551e5e8fde46 17972 cinder_17.0.0~b1~git2020062409.85fcf1057-0ubuntu1.debian.tar.xz
 f43f0f35017a9d26f3f8f1016b0b9e2a2087f1e99c60e1dc5980a4ec8139f989 8705 cinder_17.0.0~b1~git2020062409.85fcf1057-0ubuntu1_source.buildinfo
Files:
 d24607ccaafbccbc9cfdf5aeddb8f73d 5242 net extra cinder_17.0.0~b1~git2020062409.85fcf1057-0ubuntu1.dsc
 bd91f047c38f765b5e38dec71afbb3db 5587594 net extra cinder_17.0.0~b1~git2020062409.85fcf1057.orig.tar.gz
 b76a622bc507fd9892a08650837e9888 17972 net extra cinder_17.0.0~b1~git2020062409.85fcf1057-0ubuntu1.debian.tar.xz
 efe8d7f0794e5a926eb3a5877f27bfd7 8705 net extra cinder_17.0.0~b1~git2020062409.85fcf1057-0ubuntu1_source.buildinfo
Original-Maintainer: Chuck Short <zulcss at ubuntu.com>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEENRbRpb8Ad+cUFOGXFbmz7g3N+AYFAl7ztN8ACgkQFbmz7g3N
+AYmGg//U2UjE6wwnqnxT+dWXZX3nt0bFTy+2vaH9fAL2RIXCtUcm485FJrfA1QX
sD/9XzR5cvuUkcijbNQq0JTYHLJ6+XyoJ0xQtWEUwC0Drk4f4zGqBdxzPiGTdS/F
Mv1NIIC/vATdCbe2XDmEBxafhnT7m9PH7T57Pt8NozPT+HrUkI4XUoM/iGndhXxE
cRSoIPTJ2T7GwDHvTxuo9T3dI1njUKidW8U8Sz0C0yWA8ZxiuAD2mVJsnkEzPuF9
U4qgcsZEF0JCZIlguPc/Dh/BE/Mqs6SD6wxGsikfpbm6qwBj4+RFrEmfVh11H8Wn
yUT3bhCzUGIKkWP8Ijs3xZloSA0O2LKIa0An5ZZ/KO/RXZQpsAq5zQ1MYAdGo0P5
gu3rASZQ+nmqlaiC71crWJyTvkfz/u0Nr4d0Anw2KiPOHOPOC+58oGiwwEbq5CC5
qDZiHdMknAfIuBA+fsTDfBoFkDM1qXvo/ezCQ2vTpJVgmN3VAFqNlVjUErusc/Ms
Q0SLfCpB6y88N3TmEva9RPQCbeyPSZgxy7OSMJEU5P6gFLrc+ZL6E76keb3uSGi5
zEL7UZiubtfk471Z8btNYRpWuGP5RgyNANmzVwZt4C7EtyKsxe8Rogv5zntDyqvF
RI6vxglr9jueoBV7M2sDHWGlJVEBU5PTNI+Q1RxRfDB2MgRT+rk=
=bUdA
-----END PGP SIGNATURE-----

More information about the Groovy-changes mailing list