[Bug 1883879] Re: [SRU] ussuri stable releases

Corey Bryant 1883879 at bugs.launchpad.net
Wed Jul 8 15:45:37 UTC 2020 

This bug was fixed in the package cinder - 2:16.1.0-0ubuntu1~cloud0
---------------

 cinder (2:16.1.0-0ubuntu1~cloud0) bionic-ussuri; urgency=medium
 .
   * New upstream release for the Ubuntu Cloud Archive.
 .
 cinder (2:16.1.0-0ubuntu1) focal-security; urgency=medium
 .
   [ Chris MacNaughton ]
   * New stable point release for OpenStack Ussuri (LP: #1883879).
 .
   [ Corey Bryant ]
   * SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
     (LP: #1823200)
     - Remove VxFlex OS credentials from connection_properties. Passwords are
       now stored in separate file and are retrieved during each attach/detach
       operation. Cinder is patched in 16.1.0 stable point release.
     - d/control: Align (Build-)Depends with min version of python3-os-brick
       required to fix credential exposure.
     - CVE-2020-10755


** Changed in: cloud-archive/ussuri
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to cinder in Ubuntu.
https://bugs.launchpad.net/bugs/1883879

Title:
   [SRU] ussuri stable releases

Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive ussuri series:
  Fix Released
Status in cinder package in Ubuntu:
  Invalid
Status in cinder source package in Focal:
  Fix Released

Bug description:
  [Impact]
  This release sports mostly bug-fixes and we would like to make sure all of our supported customers have access to these improvements. The update contains the following package updates:

  cinder 16.1.0

  [Test Case]
  The following SRU process was followed:
  https://wiki.ubuntu.com/OpenStackUpdates

  In order to avoid regression of existing consumers, the OpenStack team
  will run their continuous integration test against the packages that
  are in -proposed. A successful run of all available tests will be
  required before the proposed packages can be let into -updates.

  The OpenStack team will be in charge of attaching the output summary
  of the executed tests. The OpenStack team members will not mark
  ‘verification-done’ until this has happened.

  ****** Important for testing *******
  Testing will require focal-proposed + https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa to pick up the new version of python-os-brick.

  Once the python-os-brick is in focal-security we can backport it to ussuri-proposed and test it with cinder in the cloud archive.
  *********************************

  [Regression Potential]
  In order to mitigate the regression potential, the results of the
  aforementioned tests are attached to this bug.

  [Discussion]

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1883879/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list