Upstream have merged in a fix for the world-writable targetcli-fb daemon socket - https://github.com/open-iscsi/targetcli-fb/issues/162 - and assigned CVE-2020-10699 for it - but there has been no official release. With this fix in place, I would be happy to change the NACK to an ACK for targetcli-fb.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-10699 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1854362 Title: [MIR] ceph-iscsi, tcmu, python-configshell-fb, python-rtslib-fb, urwid, targetcli-fb To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ceph-iscsi/+bug/1854362/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
