[Bug 1854362] Re: [MIR] ceph-iscsi, tcmu, python-configshell-fb, python-rtslib-fb, urwid
Mathieu Trudel-Lapierre
mathieu.tl at gmail.com
Tue Dec 3 20:09:19 UTC 2019
tcmu is a high-impact target that will handle storage requests and
potentially allow an attacker to intercept data. I'm concerned by the
fact the Debian maintainer felt they had to disable -Werror to make
things work on 32-bit; even if that's not necessarily out main focus: it
points to potential issues in the code, code that is not necessarily
very portable or that might be hard to maintain in the future. I'll let
the Security Team give their opinion on it and decide.
** Changed in: tcmu (Ubuntu)
Assignee: Mathieu Trudel-Lapierre (cyphermox) => Ubuntu Security Team (ubuntu-security)
** Changed in: tcmu (Ubuntu)
Status: In Progress => New
** Changed in: python-rtslib-fb (Ubuntu)
Assignee: (unassigned) => Mathieu Trudel-Lapierre (cyphermox)
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to python-rtslib-fb in Ubuntu.
https://bugs.launchpad.net/bugs/1854362
Title:
[MIR] ceph-iscsi, tcmu, python-configshell-fb, python-rtslib-fb, urwid
Status in ceph-iscsi package in Ubuntu:
New
Status in python-configshell-fb package in Ubuntu:
New
Status in python-rtslib-fb package in Ubuntu:
New
Status in tcmu package in Ubuntu:
New
Status in urwid package in Ubuntu:
New
Bug description:
== ceph-iscsi ==
[Availability]
In universe
[Rationale]
Provides iSCSI gateway to a Ceph cluster, allowing clients which don't understand RBD to use Ceph storage.
[Security]
No security history found.
[Quality assurance]
Package runs tests during package build (submitted back to Debian).
[Dependencies]
All in main or on this MIR
[Standards compliance]
OK
[Maintenance]
ubuntu-openstack
== tcmu ==
[Availability]
In universe
[Rationale]
Dependency for ceph-iscsi
Handles the userspace side of the LIO TCM-User backstore allowing LIO
to use librbd for Ceph backed block devices.
[Security]
Some security history:
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=tcmu
All in older versions.
[Quality assurance]
No tests in source package for execution during package build.
[Dependencies]
All in main or on this MIR
[Standards compliance]
OK
[Maintenance]
ubuntu-openstack
== python-configshell-fb ==
[Availability]
In universe
[Rationale]
Dependency for ceph-iscsi
[Security]
No security history
[Quality assurance]
No tests in source package for execution during package build.
[Dependencies]
All in main or on this MIR
[Standards compliance]
OK
[Maintenance]
ubuntu-openstack
== python-rtslib-fb ==
[Availability]
In universe
[Rationale]
Dependency for ceph-iscsi
[Security]
No security history
[Quality assurance]
No tests in source package for execution during package build.
[Dependencies]
All in main or on this MIR
[Standards compliance]
OK
[Maintenance]
ubuntu-openstack
== urwid ==
[Availability]
In universe
[Rationale]
Dependency for python-configshell-fb
[Security]
No security history
[Quality assurance]
Tests present and executed during package build.
[Dependencies]
All in main or on this MIR
[Standards compliance]
OK
[Maintenance]
ubuntu-openstack
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ceph-iscsi/+bug/1854362/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list