CVE-2018-16846 (https://nvd.nist.gov/vuln/detail/CVE-2018-16846): It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. CVE-2018-14662 (https://nvd.nist.gov/vuln/detail/CVE-2018-14662): It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.
We can stabilize 12.2.11 (which has the patch for this). I don't want to stabilize the 13.2 series yet. @arches please stabilize =sys-cluster/ceph-12.2.11
x86 stopped stabilization due to bug 679716.
fix depends on first
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4af9cbde3856cdc92a13441e6cceb1f06c067d78 commit 4af9cbde3856cdc92a13441e6cceb1f06c067d78 Author: Patrick McLean <patrick.mclean@sony.com> AuthorDate: 2019-03-29 02:22:17 +0000 Commit: Patrick McLean <chutzpah@gentoo.org> CommitDate: 2019-03-29 02:22:17 +0000 sys-cluster/ceph: Fix 12.2.11 compile fail on x86 (bug #679414) Closes: https://bugs.gentoo.org/679414 Copyright: Sony Interactive Entertainment Inc. Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Patrick McLean <chutzpah@gentoo.org> sys-cluster/ceph/ceph-12.2.11.ebuild | 1 + sys-cluster/ceph/files/ceph-12.2.11-fix-min-call.patch | 13 +++++++++++++ 2 files changed, 14 insertions(+)
Oops closed the wrong bug in my commit
@arches, please stabilize.
amd64 stable
An automated check of this bug failed - the following atom is unknown: sys-cluster/ceph-12.2.11 Please verify the atom list.
ceph has no keywords on ~x86. Dropping from CC. Last arch. Closing.
Oh, it's a security bug.
Tree is clean.
Unable to check for sanity: > no match for package: sys-cluster/ceph-12.2.11
GLSA Vote: No Thank you all for you work. Closing as [noglsa].