[Bug 1784401] Re: [SRU] ceph 10.2.11

Alex Murray alex.murray at canonical.com
Tue Sep 4 11:34:04 UTC 2018 

This would also happen to fix 3 outstanding CVEs for ceph in Xenial as
well: CVE-2018-10861, CVE-2018-1128, CVE-2018-1129

I was looking at backporting fixes for these to 10.2.10 but the commits
which fix the actual CVEs seem to depend on a fair few other commits in
between 10.2.10 and 10.2.11 so if this SRU proceeds that will resolve
these CVEs "for free"

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10861

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1128

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1129

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1784401

Title:
  [SRU] ceph 10.2.11

Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive mitaka series:
  Triaged
Status in ceph package in Ubuntu:
  Invalid
Status in ceph source package in Xenial:
  Triaged

Bug description:
  [Impact]
  This release sports mostly bug-fixes and we would like to make sure all of our supported customers have access to these improvements.

  The update contains the following package updates:

     * ceph 10.2.11

  [Test Case]
  The following SRU process was followed:

  https://wiki.ubuntu.com/OpenStackUpdates

  In order to avoid regression of existing consumers, the OpenStack team
  will run their continuous integration test against the packages that
  are in -proposed. A successful run of all available tests will be
  required before the proposed packages can be let into -updates.

  The OpenStack team will be in charge of attaching the output summary
  of the executed tests. The OpenStack team members will not mark
  ‘verification-done’ until this has happened.

  [Regression Potential]
  In order to mitigate the regression potential, the results of the
  aforementioned tests are attached to this bug.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1784401/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list