Your message dated Mon, 09 Oct 2023 09:08:59 +0000
with message-id <[email protected]>
and subject line Bug#1053690: fixed in ceph 16.2.11+ds-5
has caused the Debian Bug report #1053690,
regarding ceph: CVE-2023-43040: Improperly verified POST keys
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1053690: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053690
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ceph
Version: 16.2.11+ds-4
Severity: important
Tags: security upstream
Forwarded: https://github.com/ceph/ceph/pull/53714
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for ceph.
CVE-2023-43040[0]:
| Improperly verified POST keys
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-43040
    https://www.cve.org/CVERecord?id=CVE-2023-43040
[1] https://www.openwall.com/lists/oss-security/2023/09/26/10
[2] https://github.com/ceph/ceph/pull/53714
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ceph
Source-Version: 16.2.11+ds-5
Done: Thomas Goirand <[email protected]>
We believe that the bug you reported is fixed in the latest version of
ceph, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated ceph package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 09 Oct 2023 08:53:31 +0200
Source: ceph
Architecture: source
Version: 16.2.11+ds-5
Distribution: unstable
Urgency: high
Maintainer: Ceph Packaging Team <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Closes: 1053690
Changes:
 ceph (16.2.11+ds-5) unstable; urgency=high
 .
   * CVE-2023-43040: security issue with RGW with improperly verified POST keys.
     Applied upstream fix: rgw: Fix bucket validation against POST policies
     (Closes: #1053690).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---