On Fri, Mar 22, 2019 at 05:25:47PM +0100, Salvatore Bonaccorso wrote: > Source: ceilometer > Version: 1:11.0.1-4 > Severity: important > Tags: security upstream > Forwarded: https://bugs.launchpad.net/ceilometer/+bug/1811098/ > > Hi, > > The following vulnerability was published for ceilometer. > > CVE-2019-3830[0]: > | ceilometer-agent prints sensitive data from config files through log > | files > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2019-3830 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3830 > [1] https://bugs.launchpad.net/ceilometer/+bug/1811098/ > [2] https://review.openstack.org/#/c/629891/
This is fixed in https://github.com/openstack/ceilometer/commit/8881a42af169a2d7c912b1434911f978883c83f3 Could we please get that fixed in buster? Stretch is not affected. Cheers, Moritz
