Ubuntu
ceph package

  1. Bug #1928645
  2. Comment #10

Comment 10 for bug 1928645

Revision history for this message
James Page (james-page) wrote :

This bug was fixed in the package ceph - 16.2.4-0ubuntu2~cloud0
---------------

 ceph (16.2.4-0ubuntu2~cloud0) focal-xena; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 ceph (16.2.4-0ubuntu2) impish; urgency=medium
 .
   * No-change rebuild due to OpenLDAP soname bump.
 .
 ceph (16.2.4-0ubuntu1) impish; urgency=medium
 .
   * d/rules,control: Enable new crimson-osd package and provide
     seastar based crimson-osd binary.
   * SECURITY UPDATE: New upstream release (LP: #1928645):
     - CVE-2021-3509: Dashboard XSS via token cookie.
     - CVE-2021-3531: Swift API denial of service.
     - CVE-2021-3531: HTTP header injects via CORS in RGW.
     - d/p/bug1925347.patch: Drop, included in release.