[Bug 1929179] Re: [SRU] ceph 15.2.12
James Page
1929179 at bugs.launchpad.net
Tue Jul 6 12:49:39 UTC 2021
bionic/ussuri-proposed
======
Totals
======
Ran: 99 tests in 1592.9320 sec.
- Passed: 90
- Skipped: 9
- Expected Fail: 0
- Unexpected Success: 0
- Failed: 0
Sum of execute time for each test: 604.7059 sec.
** Tags removed: verification-ussuri-needed
** Tags added: verification-ussuri-done
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1929179
Title:
[SRU] ceph 15.2.12
Status in Ubuntu Cloud Archive:
Invalid
Status in Ubuntu Cloud Archive ussuri series:
Fix Released
Status in ceph package in Ubuntu:
Invalid
Status in ceph source package in Focal:
Fix Released
Status in ceph source package in Groovy:
Fix Released
Bug description:
[Impact]
This release fixes several bugs. We would like to make sure all of our users have access to these improvements.
The update contains the following package updates:
* ceph 15.2.12
[Test Case]
The following SRU process was followed:
https://wiki.ubuntu.com/OpenStackUpdates
In order to avoid regression of existing users, the OpenStack team
will run their continuous integration test against the packages that
are in -proposed. A successful run of all available tests will be
required before the proposed packages can be let into -updates.
The OpenStack team will be in charge of attaching the output summary
of the executed tests. The OpenStack team members will not mark
‘verification-done’ until this has happened.
[Regression Potential]
In order to mitigate the regression potential, the results of the
aforementioned tests are attached to this bug.
[Upstream release announcement]
V15.2.12 OCTOPUS
This is a hotfix release addressing a number of security issues and
regressions. We recommend all users update to this release.
CHANGELOG
mgr/dashboard: fix base-href: revert it to previous approach (issue#50684, Avan Thakkar)
mgr/dashboard: fix cookie injection issue (CVE-2021-3509: Dashboard
XSS via token cookie, Ernesto Puerta)
rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name
(CVE-2021-3531: Swift API denial of service, Felix Huettner)
rgw: sanitize r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524:
HTTP header injects via CORS in RGW, Sergey Bobrov, Casey Bodley)
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1929179/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list