Summary: | <sys-cluster/ceph-14.2.5: improper URL checking leads to information disclosure (CVE-2020-1699) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | chutzpah, cluster, dlan |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://tracker.ceph.com/issues/41320 | | |
Whiteboard: | B4 [noglsa cve] | | |
Package list: | | Runtime testing required: | --- |

Description
GLSAMaker/CVETool Bot
2020-02-25 00:38:25 UTC
PR (patches): https://github.com/ceph/ceph/pull/30445

Earliest upstream release fixed: 15.1.0

15.1.0 is an alpha release, we cannot pull that in.

We should wait for a backport into the 14.2 series.

(In reply to Patrick McLean from comment #2)
> 15.1.0 is an alpha release, we cannot pull that in.
>
> We should wait for a backport into the 14.2 series.

Sorry for the confusion, there is a backport to Nautilus which I believe is the stable series 14.2.x: https://github.com/ceph/ceph/pull/31413

It is included in 14.2.5 (https://tracker.ceph.com/issues/41980).

14.2.5 Not in tree. 14.2.7 is current stable version.

GLSA Vote: No

Thank you all for your work. Closing as [noglsa].