This bug was fixed in the package cinder - 2:17.0.0~b1~git2020062409.85fcf1057-0ubuntu1
--------------- cinder (2:17.0.0~b1~git2020062409.85fcf1057-0ubuntu1) groovy; urgency=medium * SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure (LP: #1823200) - Remove VxFlex OS credentials from connection_properties. Passwords are now stored in separate file and are retrieved during each attach/detach operation. Cinder is patched in 16.1.0 stable point release. - d/control: Align (Build-)Depends with min version of python3-os-brick required to fix credential exposure. - CVE-2020-10755 * New upstream snapshot for OpenStack Victoria. * d/control: Align (Build-)Depends with upstream. * d/p/py38skip.patch: Dropped. No longer needed. * d/p/skip-victoria-failures.patch: Rebased and updated with upstream bug. -- Corey Bryant <corey.bry...@canonical.com> Wed, 24 Jun 2020 09:10:19 -0400 ** Changed in: cinder (Ubuntu Groovy) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1823200 Title: Improper handling of ScaleIO backend credentials To manage notifications about this bug go to: https://bugs.launchpad.net/cinder/+bug/1823200/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs