Comment 1 for bug 1928645

This bug was fixed in the package ceph - 16.2.4-0ubuntu1

---------------
ceph (16.2.4-0ubuntu1) impish; urgency=medium

  * d/rules,control: Enable new crimson-osd package and provide
    seastar based crimson-osd binary.
  * SECURITY UPDATE: New upstream release (LP: #1928645):
    - CVE-2021-3509: Dashboard XSS via token cookie.
    - CVE-2021-3531: Swift API denial of service.
    - CVE-2021-3531: HTTP header injects via CORS in RGW.
    - d/p/bug1925347.patch: Drop, included in release.

 -- James Page <email address hidden> Tue, 25 May 2021 09:14:52 +0100