Source: ceph
Version: 0.80.7-2
Severity: important
Tags: security upstream
Forwarded: http://tracker.ceph.com/issues/13207

Hi,

the following vulnerability was published for ceph.

CVE-2016-7031[0]:
rgw: Anonymous user is able to read bucket with authenticated read ACL

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-7031

Please adjust the affected versions in the BTS as needed. From looking
at the code ceph seems affected, but I'm not too familiar with it to
fully understand. It looks as well not important enought to need a
DSA, so if then it could be fixed via point release, IMHO.

Let us know your toughts.

Regards,
Salvatore

_______________________________________________
Secure-testing-team mailing list
Secure-testing-team@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team

Reply via email to