[Bug 1929179] Proposed package upload rejected
Brian Murray
1929179 at bugs.launchpad.net
Tue Jun 22 17:54:20 UTC 2021
An upload of ceph to groovy-proposed has been rejected from the upload
queue for the following reason: "I've rejected this for groovy due to
unanswered questions about it being a security update and with groovy
nearing EoL.".
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to ceph in Ubuntu.
https://bugs.launchpad.net/bugs/1929179
Title:
[SRU] ceph 15.2.12
Status in Ubuntu Cloud Archive:
Invalid
Status in Ubuntu Cloud Archive ussuri series:
Triaged
Status in ceph package in Ubuntu:
Invalid
Status in ceph source package in Focal:
Triaged
Status in ceph source package in Groovy:
Triaged
Bug description:
[Impact]
This release fixes several bugs. We would like to make sure all of our users have access to these improvements.
The update contains the following package updates:
* ceph 15.2.12
[Test Case]
The following SRU process was followed:
https://wiki.ubuntu.com/OpenStackUpdates
In order to avoid regression of existing users, the OpenStack team
will run their continuous integration test against the packages that
are in -proposed. A successful run of all available tests will be
required before the proposed packages can be let into -updates.
The OpenStack team will be in charge of attaching the output summary
of the executed tests. The OpenStack team members will not mark
‘verification-done’ until this has happened.
[Regression Potential]
In order to mitigate the regression potential, the results of the
aforementioned tests are attached to this bug.
[Upstream release announcement]
V15.2.12 OCTOPUS
This is a hotfix release addressing a number of security issues and
regressions. We recommend all users update to this release.
CHANGELOG
mgr/dashboard: fix base-href: revert it to previous approach (issue#50684, Avan Thakkar)
mgr/dashboard: fix cookie injection issue (CVE-2021-3509: Dashboard
XSS via token cookie, Ernesto Puerta)
rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name
(CVE-2021-3531: Swift API denial of service, Felix Huettner)
rgw: sanitize r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524:
HTTP header injects via CORS in RGW, Sergey Bobrov, Casey Bodley)
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1929179/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list