[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-11-19 Thread Brian Rosmaita
I want to add an addendum to comment #55.  That roll-out plan worked
fine, except that we should have used the same Change-Id on all the
cinder patches, and same Change-Id on all the os-brick patches.  This
would have made it easier for people looking to see which branches
contained the fix, because they would have been connected in the way
backports usually are.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1823200

Title:
  Improper handling of ScaleIO backend credentials

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1823200/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-09-04 Thread OpenStack Infra
Reviewed:  https://review.opendev.org/749833
Committed: https://git.openstack.org/cgit/openstack/os-brick/commit/?id=173601116eb5e00274b10898b56b37dc42d685ac
Submitter: Zuul
Branch:    stable/stein

commit 173601116eb5e00274b10898b56b37dc42d685ac
Author: Gorka Eguileor 
Date:   Thu Aug 13 13:13:02 2020 +0200

ScaleIO: Connection info backward compatibility

When we fixed bug 1823200 in Change-ID
Iab54c515fe7be252df52b1a0503a251779805759 we made the ScaleIO connector
incompatible with the old connection properties dictionary as it only
supported the new 'config_group' and 'failed_over' parameters to get the
password.

This is a problem in any system that is upgraded and has attachments to
the array, because the connection properties of those volumes will not
contain the new fields and detaching them will result in error
"KeyError: 'config_group'".

This patch adds compatibility code to support the old connection
properties format so we can detach those volumes.

This patch includes the release note from Change
Ib98043358d51426ca650104ad59a7e09911ee8e9

Related-Bug: #1823200
Change-Id: I6f01a178616b74ed9a86876ca46e7e46eb360518
(cherry picked from commit 54504830828757e9d72e9440dde9cff33684a74d)
(cherry picked from commit 31589a624fe8d2ebb56ccbd9c94a8dd559a7da89)
Conflicts:
os_brick/initiator/connectors/scaleio.py
(cherry picked from commit db95b001e2fe53a71ec0b881407ecdf7c3db32fc)


** Tags added: in-stable-stein

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-08-20 Thread OpenStack Infra
Reviewed:  https://review.opendev.org/746621
Committed: https://git.openstack.org/cgit/openstack/os-brick/commit/?id=db95b001e2fe53a71ec0b881407ecdf7c3db32fc
Submitter: Zuul
Branch:    stable/train

commit db95b001e2fe53a71ec0b881407ecdf7c3db32fc
Author: Gorka Eguileor 
Date:   Thu Aug 13 13:13:02 2020 +0200

ScaleIO: Connection info backward compatibility

When we fixed bug 1823200 in Change-ID
Iab54c515fe7be252df52b1a0503a251779805759 we made the ScaleIO connector
incompatible with the old connection properties dictionary as it only
supported the new 'config_group' and 'failed_over' parameters to get the
password.

This is a problem in any system that is upgraded and has attachments to
the array, because the connection properties of those volumes will not
contain the new fields and detaching them will result in error
"KeyError: 'config_group'".

This patch adds compatibility code to support the old connection
properties format so we can detach those volumes.

Related-Bug: #1823200
Change-Id: I6f01a178616b74ed9a86876ca46e7e46eb360518
(cherry picked from commit 54504830828757e9d72e9440dde9cff33684a74d)
(cherry picked from commit 31589a624fe8d2ebb56ccbd9c94a8dd559a7da89)
Conflicts:
os_brick/initiator/connectors/scaleio.py


** Tags added: in-stable-train

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-08-17 Thread OpenStack Infra
Reviewed:  https://review.opendev.org/746572
Committed: https://git.openstack.org/cgit/openstack/os-brick/commit/?id=31589a624fe8d2ebb56ccbd9c94a8dd559a7da89
Submitter: Zuul
Branch:    stable/ussuri

commit 31589a624fe8d2ebb56ccbd9c94a8dd559a7da89
Author: Gorka Eguileor 
Date:   Thu Aug 13 13:13:02 2020 +0200

ScaleIO: Connection info backward compatibility

When we fixed bug 1823200 in Change-ID
Iab54c515fe7be252df52b1a0503a251779805759 we made the ScaleIO connector
incompatible with the old connection properties dictionary as it only
supported the new 'config_group' and 'failed_over' parameters to get the
password.

This is a problem in any system that is upgraded and has attachments to
the array, because the connection properties of those volumes will not
contain the new fields and detaching them will result in error
"KeyError: 'config_group'".

This patch adds compatibility code to support the old connection
properties format so we can detach those volumes.

Related-Bug: #1823200
Change-Id: I6f01a178616b74ed9a86876ca46e7e46eb360518
(cherry picked from commit 54504830828757e9d72e9440dde9cff33684a74d)


** Tags added: in-stable-ussuri

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-07-24 Thread OpenStack Infra
Reviewed:  https://review.opendev.org/733615
Committed: https://git.openstack.org/cgit/openstack/os-brick/commit/?id=4047948f1ac8055a025972ad73ec3ec421450775
Submitter: Zuul
Branch:    stable/pike

commit 4047948f1ac8055a025972ad73ec3ec421450775
Author: Ivan Pchelintsev 
Date:   Tue Jun 2 16:23:04 2020 +0300

Remove VxFlex OS credentials from connection_properties

VxFlex OS password is not stored in block_device_mapping table. Instead of this
passwords are stored in separate file and are retrieved during each attach/detach
operation.

Closes-Bug: #1823200
Change-Id: Ib7778ba9d38a68d8b56ca632c5f1c353d55830b0
(cherry picked from commit 72c63681178286ed9cd1e1ab48969a64b9004d7c)


** Tags added: in-stable-pike

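The lookup that the commit messages above describe (password kept in a separate file and fetched at attach/detach time, with a fallback for connection properties written before the fix), as an added Python example that is not os-brick's or cinder's own code. The legacy key `serverPassword`, the option names `san_password` and `replicating_san_password`, the section name `vxflex-1` and all values are assumptions or constructed sample data.

```python
import configparser
import os
import tempfile

# Assumed names (not from the thread): the legacy inline-password key and the
# option names used inside the separate credentials file.
LEGACY_PASSWORD_KEY = "serverPassword"
PRIMARY_OPTION = "san_password"
FAILOVER_OPTION = "replicating_san_password"

# Constructed sample connection properties.
NEW_PROPS = {"config_group": "vxflex-1", "failed_over": False}
FAILED_OVER_PROPS = {"config_group": "vxflex-1", "failed_over": True}
LEGACY_PROPS = {LEGACY_PASSWORD_KEY: "inline-secret"}


def write_sample_conf():
    """Create a constructed credentials file; mkstemp makes it mode 0600."""
    fd, path = tempfile.mkstemp(suffix=".conf")
    with os.fdopen(fd, "w") as handle:
        handle.write(
            "[vxflex-1]\n"
            "san_password = primary-secret\n"
            "replicating_san_password = replica-secret\n"
        )
    return path


def read_backend_password(conf_path, config_group, failed_over):
    """Fetch one backend's password from the separate file."""
    # interpolation=None so a '%' inside a password is read literally.
    parser = configparser.ConfigParser(interpolation=None)
    if not parser.read(conf_path):
        raise FileNotFoundError(conf_path)
    option = FAILOVER_OPTION if failed_over else PRIMARY_OPTION
    try:
        return parser.get(config_group, option)
    except (configparser.NoSectionError, configparser.NoOptionError) as exc:
        raise LookupError(f"no {option} for backend {config_group!r}") from exc


def strict_password(props, conf_path):
    """New-format-only lookup: raises KeyError on pre-fix attachments."""
    return read_backend_password(
        conf_path, props["config_group"], props["failed_over"]
    )


def compat_password(props, conf_path):
    """Prefer the file-based lookup; fall back to the legacy inline field."""
    if "config_group" in props:
        return read_backend_password(
            conf_path, props["config_group"], props.get("failed_over", False)
        )
    if LEGACY_PASSWORD_KEY in props:
        return props[LEGACY_PASSWORD_KEY]
    raise LookupError("connection properties carry no credential reference")


def carries_inline_secret(props):
    """Audit helper: True for stored records that still embed a password."""
    return LEGACY_PASSWORD_KEY in props


if __name__ == "__main__":
    conf = write_sample_conf()
    try:
        for name, props in [("new", NEW_PROPS), ("failed over", FAILED_OVER_PROPS),
                            ("legacy", LEGACY_PROPS)]:
            try:
                strict_password(props, conf)
                strict = "ok"
            except KeyError as exc:
                strict = f"KeyError: {exc}"
            resolved = compat_password(props, conf) is not None
            print(f"{name}: strict={strict} compat_resolved={resolved} "
                  f"inline_secret={carries_inline_secret(props)}")
    finally:
        os.remove(conf)
```

Records for which `carries_inline_secret` is true are the attachments created before the fix; they still hold the password wherever the connection properties were persisted until the volume is detached and re-attached.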

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-07-13 Thread Corey Bryant
This bug was fixed in the package cinder - 2:12.0.9-0ubuntu1.2~cloud0
---

 cinder (2:12.0.9-0ubuntu1.2~cloud0) xenial-queens; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 cinder (2:12.0.9-0ubuntu1.2) bionic-security; urgency=medium
 .
   * SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
 (LP: #1823200)
 - debian/patches/CVE-2020-10755.patch: Remove VxFlex OS credentials
   from connection_properties. Passwords are now stored in separate file
   and are retrieved during each attach/detach operation.
 - d/control: Align (Build-)Depends with min version of python3-os-brick
   required to fix credential exposure.
 - CVE-2020-10755


** Changed in: cloud-archive/queens
   Status: Fix Committed => Fix Released

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-07-08 Thread Corey Bryant
This bug was fixed in the package python-os-brick - 2.8.1-0ubuntu1~cloud0.1
---

 python-os-brick (2.8.1-0ubuntu1~cloud0.1) bionic-stein; urgency=medium
 .
   * d/gbp.conf: Create stable/stein branch.
   * SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
 (LP: #1823200)
 - debian/patches/CVE-2020-10755*.patch: Remove VxFlex OS credentials
   from connection_properties. Passwords are now stored in separate file
   and are retrieved during each attach/detach operation.
 - CVE-2020-10755

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-07-08 Thread Corey Bryant
This bug was fixed in the package cinder - 2:13.0.9-0ubuntu1~cloud1.1
---

 cinder (2:13.0.9-0ubuntu1~cloud1.1) bionic-rocky; urgency=medium
 .
   * SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
 (LP: #1823200)
 - debian/patches/CVE-2020-10755.patch: Remove VxFlex OS credentials
   from connection_properties. Passwords are now stored in separate file
   and are retrieved during each attach/detach operation.
 - d/control: Align (Build-)Depends with min version of python3-os-brick
   required to fix credential exposure.
 - CVE-2020-10755
   * d/control: Add python3-sqlalchemy-utils Build-Depends to enable successful
 test execution.


** Changed in: cloud-archive/rocky
   Status: Fix Committed => Fix Released

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-07-08 Thread Corey Bryant
This bug was fixed in the package python-os-brick - 2.5.3-0ubuntu1~cloud0.1
---

 python-os-brick (2.5.3-0ubuntu1~cloud0.1) bionic-rocky; urgency=medium
 .
   * d/gbp.conf: Create stable/rocky branch.
   * SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
 (LP: #1823200)
 - debian/patches/CVE-2020-10755*.patch: Remove VxFlex OS credentials
   from connection_properties. Passwords are now stored in separate file
   and are retrieved during each attach/detach operation.
 - CVE-2020-10755

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-07-08 Thread Corey Bryant
This bug was fixed in the package cinder - 2:14.1.0-0ubuntu1~cloud0
---

 cinder (2:14.1.0-0ubuntu1~cloud0) bionic-stein; urgency=medium
 .
   [ Chris MacNaughton ]
   * New stable point release for OpenStack Stein (LP: #1884028).
 .
   [ Corey Bryant ]
   * SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
 (LP: #1823200)
 - Remove VxFlex OS credentials from connection_properties. Passwords are
   now stored in separate file and are retrieved during each attach/detach
   operation. Cinder is patched in 14.1.0 stable point release.
 - d/control: Align (Build-)Depends with min version of python3-os-brick
   required to fix credential exposure.
 - CVE-2020-10755


** Changed in: cloud-archive/stein
   Status: Fix Committed => Fix Released

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-07-08 Thread Corey Bryant
Eoan is EOL

** Changed in: python-os-brick (Ubuntu Eoan)
   Status: Triaged => Won't Fix

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-07-08 Thread Corey Bryant
Eoan is EOL

** Changed in: cinder (Ubuntu Eoan)
   Status: Triaged => Won't Fix

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-07-08 Thread Corey Bryant
This bug was fixed in the package python-os-brick - 2.10.0-0ubuntu1~cloud0.1
---

 python-os-brick (2.10.0-0ubuntu1~cloud0.1) bionic-train; urgency=medium
 .
   * d/gbp.conf: Create stable/train branch.
   * SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
 (LP: #1823200)
 - debian/patches/CVE-2020-10755*.patch: Remove VxFlex OS credentials
   from connection_properties. Passwords are now stored in separate file
   and are retrieved during each attach/detach operation.
 - CVE-2020-10755

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-07-08 Thread Corey Bryant
This bug was fixed in the package cinder - 2:15.2.0-0ubuntu1~cloud0
---

 cinder (2:15.2.0-0ubuntu1~cloud0) bionic-train; urgency=medium
 .
   [ Chris MacNaughton ]
   * New stable point release for OpenStack Train (LP: #1883892)
   * d/control: Align (Build-)Depends with upstream.
 .
   [ Corey Bryant ]
   * SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
 (LP: #1823200)
 - Remove VxFlex OS credentials from connection_properties. Passwords are
   now stored in separate file and are retrieved during each attach/detach
   operation. Cinder is patched in 15.2.0 stable point release.
 - d/control: Align (Build-)Depends with min version of python3-os-brick
   required to fix credential exposure.
 - CVE-2020-10755


** Changed in: cloud-archive/train
   Status: Fix Committed => Fix Released

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-07-08 Thread Corey Bryant
This bug was fixed in the package python-os-brick - 3.0.1-0ubuntu1.2~cloud0
---

 python-os-brick (3.0.1-0ubuntu1.2~cloud0) bionic-ussuri; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 python-os-brick (3.0.1-0ubuntu1.2) focal-security; urgency=medium
 .
   * d/gbp.conf: Create stable/ussuri branch.
   * SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
 (LP: #1823200)
 - debian/patches/CVE-2020-10755.patch: Remove VxFlex OS credentials
   from connection_properties. Passwords are now stored in separate file
   and are retrieved during each attach/detach operation.
 - CVE-2020-10755

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-07-08 Thread Corey Bryant
This bug was fixed in the package cinder - 2:16.1.0-0ubuntu1~cloud0
---

 cinder (2:16.1.0-0ubuntu1~cloud0) bionic-ussuri; urgency=medium
 .
   * New upstream release for the Ubuntu Cloud Archive.
 .
 cinder (2:16.1.0-0ubuntu1) focal-security; urgency=medium
 .
   [ Chris MacNaughton ]
   * New stable point release for OpenStack Ussuri (LP: #1883879).
 .
   [ Corey Bryant ]
   * SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
 (LP: #1823200)
 - Remove VxFlex OS credentials from connection_properties. Passwords are
   now stored in separate file and are retrieved during each attach/detach
   operation. Cinder is patched in 16.1.0 stable point release.
 - d/control: Align (Build-)Depends with min version of python3-os-brick
   required to fix credential exposure.
 - CVE-2020-10755


** Changed in: cloud-archive/ussuri
   Status: Fix Committed => Fix Released

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-07-07 Thread Launchpad Bug Tracker
This bug was fixed in the package cinder - 2:12.0.9-0ubuntu1.2

---
cinder (2:12.0.9-0ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
(LP: #1823200)
- debian/patches/CVE-2020-10755.patch: Remove VxFlex OS credentials
  from connection_properties. Passwords are now stored in separate file
  and are retrieved during each attach/detach operation.
- d/control: Align (Build-)Depends with min version of python3-os-brick
  required to fix credential exposure.
- CVE-2020-10755

 -- Corey Bryant   Tue, 23 Jun 2020 15:58:12 -0400

** Changed in: cinder (Ubuntu Bionic)
   Status: Triaged => Fix Released

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-07-07 Thread Launchpad Bug Tracker
This bug was fixed in the package cinder - 2:16.1.0-0ubuntu1

---
cinder (2:16.1.0-0ubuntu1) focal-security; urgency=medium

  [ Chris MacNaughton ]
  * New stable point release for OpenStack Ussuri (LP: #1883879).

  [ Corey Bryant ]
  * SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
(LP: #1823200)
- Remove VxFlex OS credentials from connection_properties. Passwords are
  now stored in separate file and are retrieved during each attach/detach
  operation. Cinder is patched in 16.1.0 stable point release.
- d/control: Align (Build-)Depends with min version of python3-os-brick
  required to fix credential exposure.
- CVE-2020-10755

 -- Corey Bryant   Tue, 23 Jun 2020 16:52:33 -0400

** Changed in: cinder (Ubuntu Focal)
   Status: Triaged => Fix Released

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-07-07 Thread Launchpad Bug Tracker
This bug was fixed in the package python-os-brick - 2.3.0-0ubuntu1.2

---
python-os-brick (2.3.0-0ubuntu1.2) bionic-security; urgency=medium

  * d/gbp.conf: Create stable/queens branch.
  * SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
(LP: #1823200)
- debian/patches/CVE-2020-10755*.patch: Remove VxFlex OS credentials
  from connection_properties. Passwords are now stored in separate file
  and are retrieved during each attach/detach operation.
- CVE-2020-10755

 -- Corey Bryant   Thu, 26 Apr 2018 13:34:33 -0400

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-07-07 Thread Launchpad Bug Tracker
This bug was fixed in the package python-os-brick - 3.0.1-0ubuntu1.2

---
python-os-brick (3.0.1-0ubuntu1.2) focal-security; urgency=medium

  * d/gbp.conf: Create stable/ussuri branch.
  * SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
(LP: #1823200)
- debian/patches/CVE-2020-10755.patch: Remove VxFlex OS credentials
  from connection_properties. Passwords are now stored in separate file
  and are retrieved during each attach/detach operation.
- CVE-2020-10755

 -- Corey Bryant   Mon, 08 Jun 2020 09:25:57 -0400

** Changed in: python-os-brick (Ubuntu Focal)
   Status: Triaged => Fix Released

** Changed in: python-os-brick (Ubuntu Bionic)
   Status: Triaged => Fix Released

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-07-01 Thread Corey Bryant
This bug was fixed in the package cinder - 2:17.0.0~b1~git2020062409.85fcf1057-0ubuntu1~cloud0
---

 cinder (2:17.0.0~b1~git2020062409.85fcf1057-0ubuntu1~cloud0) focal-victoria; urgency=medium
 .
   * New upstream release for the Ubuntu Cloud Archive.
 .
 cinder (2:17.0.0~b1~git2020062409.85fcf1057-0ubuntu1) groovy; urgency=medium
 .
   * SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
 (LP: #1823200)
 - Remove VxFlex OS credentials from connection_properties. Passwords are
   now stored in separate file and are retrieved during each attach/detach
   operation. Cinder is patched in 16.1.0 stable point release.
 - d/control: Align (Build-)Depends with min version of python3-os-brick
   required to fix credential exposure.
 - CVE-2020-10755
   * New upstream snapshot for OpenStack Victoria.
   * d/control: Align (Build-)Depends with upstream.
   * d/p/py38skip.patch: Dropped. No longer needed.
   * d/p/skip-victoria-failures.patch: Rebased and updated with upstream bug.
 .
 cinder (2:16.0.0-0ubuntu2) groovy; urgency=medium
 .
   * d/p/skip-victoria-failures.patch: Temporarily skipping groovy
 failures to unblock Ussuri.
 .
 cinder (2:16.0.0-0ubuntu1) groovy; urgency=medium
 .
   * d/watch: Update tarball version.
   * d/p/py38skip.patch: Refresh patch.
   * New upstream release for OpenStack Ussuri (LP: #1877642).
   * d/p/monkey-patch-original-current-thread.patch: Removed as it is
 merged into rc3 upstream.


** Changed in: cloud-archive
   Status: Fix Committed => Fix Released

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-06-30 Thread Corey Bryant
** Changed in: cloud-archive
   Status: Triaged => Fix Committed

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-06-24 Thread Launchpad Bug Tracker
This bug was fixed in the package cinder - 2:17.0.0~b1~git2020062409.85fcf1057-0ubuntu1

---
cinder (2:17.0.0~b1~git2020062409.85fcf1057-0ubuntu1) groovy; urgency=medium

  * SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
(LP: #1823200)
- Remove VxFlex OS credentials from connection_properties. Passwords are
  now stored in separate file and are retrieved during each attach/detach
  operation. Cinder is patched in 16.1.0 stable point release.
- d/control: Align (Build-)Depends with min version of python3-os-brick
  required to fix credential exposure.
- CVE-2020-10755
  * New upstream snapshot for OpenStack Victoria.
  * d/control: Align (Build-)Depends with upstream.
  * d/p/py38skip.patch: Dropped. No longer needed.
  * d/p/skip-victoria-failures.patch: Rebased and updated with upstream bug.

 -- Corey Bryant   Wed, 24 Jun 2020 09:10:19 -0400

** Changed in: cinder (Ubuntu Groovy)
   Status: Triaged => Fix Released

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-06-22 Thread Corey Bryant
** Changed in: python-os-brick (Ubuntu Eoan)
   Importance: Undecided => High

** Changed in: python-os-brick (Ubuntu Eoan)
   Status: New => Triaged

** Changed in: python-os-brick (Ubuntu Bionic)
   Importance: Undecided => High

** Changed in: python-os-brick (Ubuntu Bionic)
   Status: New => Triaged

** Changed in: python-os-brick (Ubuntu Groovy)
   Status: Triaged => Fix Released

** Changed in: cinder (Ubuntu Groovy)
   Importance: Undecided => High

** Changed in: cinder (Ubuntu Groovy)
   Status: New => Triaged

** Changed in: cinder (Ubuntu Focal)
   Importance: Undecided => High

** Changed in: cinder (Ubuntu Focal)
   Status: New => Triaged

** Changed in: cinder (Ubuntu Eoan)
   Importance: Undecided => High

** Changed in: cinder (Ubuntu Eoan)
   Status: New => Triaged

** Changed in: cinder (Ubuntu Bionic)
   Importance: Undecided => High

** Changed in: cinder (Ubuntu Bionic)
   Status: New => Triaged

** Also affects: cloud-archive
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/stein
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/train
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/rocky
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/queens
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/victoria
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/ussuri
   Importance: Undecided
   Status: New

** Changed in: cloud-archive/victoria
   Importance: Undecided => High

** Changed in: cloud-archive/victoria
   Status: New => Triaged

** Changed in: cloud-archive/ussuri
   Importance: Undecided => High

** Changed in: cloud-archive/ussuri
   Status: New => Triaged

** Changed in: cloud-archive/train
   Importance: Undecided => High

** Changed in: cloud-archive/train
   Status: New => Triaged

** Changed in: cloud-archive/stein
   Importance: Undecided => High

** Changed in: cloud-archive/stein
   Status: New => Triaged

** Changed in: cloud-archive/rocky
   Importance: Undecided => High

** Changed in: cloud-archive/rocky
   Status: New => Triaged

** Changed in: cloud-archive/queens
   Importance: Undecided => High

** Changed in: cloud-archive/queens
   Status: New => Triaged

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-06-22 Thread Ubuntu Foundations Team Bug Bot
** Tags added: patch

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-06-22 Thread Corey Bryant
** Changed in: python-os-brick (Ubuntu Focal)
   Importance: Undecided => High

** Changed in: python-os-brick (Ubuntu Focal)
   Status: New => Triaged

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-06-22 Thread Ubuntu Foundations Team Bug Bot
The attachment "cinder.patch" seems to be a patch.  If it isn't, please
remove the "patch" flag from the attachment, remove the "patch" tag, and
if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issues please contact him.]

[Bug 1823200] Re: Improper handling of ScaleIO backend credentials

2020-06-22 Thread Corey Bryant
** Also affects: python-os-brick (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: cinder (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: cinder (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Also affects: python-os-brick (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Also affects: cinder (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Also affects: python-os-brick (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Also affects: cinder (Ubuntu Groovy)
   Importance: Undecided
   Status: New

** Also affects: python-os-brick (Ubuntu Groovy)
   Importance: Undecided
   Status: New

** Also affects: cinder (Ubuntu Eoan)
   Importance: Undecided
   Status: New

** Also affects: python-os-brick (Ubuntu Eoan)
   Importance: Undecided
   Status: New

** Changed in: python-os-brick (Ubuntu Groovy)
   Importance: Undecided => High

** Changed in: python-os-brick (Ubuntu Groovy)
   Status: New => Triaged
