Bug#986974: marked as done (ceph: CVE-2021-20288)

[Debian Bug Tracking System]

Your message dated Tue, 20 Apr 2021 14:33:42 +0000
with message-id <e1lyrre-000dgd...@fasolo.debian.org>
and subject line Bug#986974: fixed in ceph 14.2.20-1
has caused the Debian Bug report #986974,
regarding ceph: CVE-2021-20288
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
986974: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986974
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: ceph
Version: 14.2.18-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for ceph.

CVE-2021-20288[0]:
| Unauthorized global_id reuse in cephx

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-20288
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20288
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1938031
[2] https://www.openwall.com/lists/oss-security/2021/04/14/2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: ceph
Source-Version: 14.2.20-1
Done: Thomas Goirand <z...@debian.org>

We believe that the bug you reported is fixed in the latest version of
ceph, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 986...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated ceph package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 20 Apr 2021 13:00:13 +0200
Source: ceph
Architecture: source
Version: 14.2.20-1
Distribution: unstable
Urgency: medium
Maintainer: Ceph Packaging Team <team+c...@tracker.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Closes: 986173 986974 987192
Changes:
 ceph (14.2.20-1) unstable; urgency=medium
 .
   * New upstream point release (Closes: #986173):
     - Fixes CVE-2021-20288: Unauthorized global_id reuse in cephx
       (Closes: #986974)
   * Remove "rm -rf /etc/ceph" in ceph-base.postinst (Closes: #987192).
Checksums-Sha1:
 f7938952f01b07e007c54723e251cb0915566466 5896 ceph_14.2.20-1.dsc
 59fffa0674e82770e54b7c411caf9749bb93aec1 129271968 ceph_14.2.20.orig.tar.gz
 a49a3fc6b64f76f206d791b09f417d5f659cea05 111848 ceph_14.2.20-1.debian.tar.xz
 4743457c8e33e71b1223bc14f6f92dab44cd933b 34310 ceph_14.2.20-1_amd64.buildinfo
Checksums-Sha256:
 335d84ba78fb1edb07dcf237694e769396ae785c1a328de63fc4d1995a5ced13 5896 
ceph_14.2.20-1.dsc
 d3ebf4d8ca2a424927e22e5d8eb4af44b902d2d7f67d5f48688a77894d60e390 129271968 
ceph_14.2.20.orig.tar.gz
 cdb581cf3ef974f3479698c59c8f2a9927a2c8ab5960f214440a434fab956f08 111848 
ceph_14.2.20-1.debian.tar.xz
 f836949fb1130266f0ddd2bb34f6c8441a28e93b5577b10c79ea6efcf4b066ae 34310 
ceph_14.2.20-1_amd64.buildinfo
Files:
 0ee1ba12c5a86a90eadcdb4cd7a95e16 5896 admin optional ceph_14.2.20-1.dsc
 a7c9095ba00b4a75b24cf27c3c1c1d61 129271968 admin optional 
ceph_14.2.20.orig.tar.gz
 84845ed0daec9e18ca6ed321a64fa213 111848 admin optional 
ceph_14.2.20-1.debian.tar.xz
 6bb248bb653ff15b6bb4d061094863a8 34310 admin optional 
ceph_14.2.20-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmB+28sACgkQ1BatFaxr
Q/7GeQ//WnErc5KpisnonZ7d5U/wyH7CE3iU2JGpZVeCGED+/M1Tom/gq80Ttvse
BenC+qjlYNu5QyCZMEZcBreBiy4+Rw20V4YljygAyNjG9zzPns6L4lh1lF8oJOFJ
L3vraZZI91R0vkVlg6Q5cX71swF3LzzxH8S1ESIOssQfz6Y1A/A1nhHtYNH1uh7P
u81OnpF3c5aK5crZ3/eLTvxeDha4Pni26QawOvgyjxD9fCLPeTJcbuU98KRO4Ru0
/QiTc7WfpcY7eYuiO0qZWCu5X8dLZ/w6ykgHx1xfSZCiK9vI0C9caJviqRd5EHqE
B6QLFI9YzHJ68Y7jJQqbb36ubOOl1UK9lWFsGZu2RKsmqHhmBb++Qg529ZVtx9SB
7w8IixKVLe0DOTNAlvxQXh4dgc9sZWk5/l9mikk3zVmci7rlNsdmdf6AAXKWt/ib
vMdN6yr4ieeElraE8wJdg8LuGYd/DxHHoFnBkuCzdHhueb7jd+l11bH2IhwsExO3
HtmTPtZja5GkgfeYzgfeOIj1wrnrVFopqp7Lfi0d87IaoHKBMG1UmDEEYYSxuU9x
51GYadPjgZeDn1YCHdelY7uWXPdkLRl6FhXU6qXyDV2vAygr6oeNB11Ui2Q1F0Ds
7RDOspsgNZLMg7V5pHKYjQAnKLsXTcQiVei5G6dWjik8E+SOwLs=
=VgcA
-----END PGP SIGNATURE-----

--- End Message ---