Tags: security upstream
the following vulnerability was published for ceph.
rgw: Anonymous user is able to read bucket with authenticated read ACL
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
Please adjust the affected versions in the BTS as needed. From looking
at the code ceph seems affected, but I'm not too familiar with it to
fully understand. It looks as well not important enought to need a
DSA, so if then it could be fixed via point release, IMHO.
Let us know your toughts.