Summary: | <sys-cluster/ceph-{14.2.16,15.2.8}: user credential leak with OpenStack Manila (CVE-2020-27781) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | chutzpah, cluster, dlan |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | C4 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 760824 |
Description
John Helmert III
2020-12-27 19:21:30 UTC
Sanity check failed:
> sys-cluster/ceph-14.2.13
> depend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (2 total)
> dev-libs/crypto++:=
> depend amd64 stable profile default/linux/amd64/17.1 (14 total)
> dev-libs/crypto++:=
> rdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (2 total)
> dev-libs/crypto++:=
> rdepend amd64 stable profile default/linux/amd64/17.1 (14 total)
> dev-libs/crypto++:=
> sys-cluster/ceph-14.2.16
> depend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (2 total)
> dev-libs/crypto++:=
> depend amd64 stable profile default/linux/amd64/17.1 (14 total)
> dev-libs/crypto++:=
> rdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (2 total)
> dev-libs/crypto++:=
> rdepend amd64 stable profile default/linux/amd64/17.1 (14 total)
> dev-libs/crypto++:=
We can stabilize 14.2.16 amd64 done all arches done Please cleanup. Added to an existing GLSA request. This issue was resolved and addressed in GLSA 202105-39 at https://security.gentoo.org/glsa/202105-39 by GLSA coordinator Thomas Deutschmann (whissi). |