[Bug 1878146] Re: [SRU] ceph 14.2.9

James Page 1878146 at bugs.launchpad.net
Mon Jun 8 13:47:13 UTC 2020 

This bug was fixed in the package ceph - 14.2.9-0ubuntu0.19.10.1~cloud0
---------------

 ceph (14.2.9-0ubuntu0.19.10.1~cloud0) bionic-train; urgency=medium
 .
   * New upstream release for the Ubuntu Cloud Archive.
 .
 ceph (14.2.9-0ubuntu0.19.10.1) eoan; urgency=medium
 .
   [ Tiago Pasqualini da Silva ]
   * d/p/bug1867386: Cherry pick change that adds new configuration
     option in RGW Beast frontend to allow tuning of maximum backlog
     of pending connections (LP: #1867386).
 .
   [ James Page ]
   * New upstream point release (LP: #1878146) including fixes for:
     - CVE-2020-1759: Fixed nonce reuse in msgr V2 secure mode
     - CVE-2020-1760: Fixed XSS due to RGW GetObject header-splitting


** Changed in: cloud-archive/train
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1878146

Title:
  [SRU] ceph 14.2.9

Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive train series:
  Fix Released
Status in ceph package in Ubuntu:
  Invalid
Status in ceph source package in Eoan:
  Fix Released

Bug description:
  [Impact]
  This release sports mostly bug-fixes but also two security fixes and we would like to make sure all of our supported customers have access to these improvements.

  The update contains the following package updates:

     * ceph 14.2.9

  [Test Case]
  The following SRU process was followed:

    https://wiki.ubuntu.com/OpenStack/StableReleaseUpdates

  In order to avoid regression of existing consumers, the OpenStack team
  will run their continuous integration test against the packages that
  are in -proposed. A successful run of all available tests will be
  required before the proposed packages can be let into -updates.

  The OpenStack team will be in charge of attaching the output summary
  of the executed tests. The OpenStack team members will not mark
  ‘verification-done’ until this has happened.

  [Regression Potential]
  In order to mitigate the regression potential, the results of the aforementioned tests are attached to this bug.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1878146/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list