This bug was fixed in the package cinder -
2:17.0.0~b1~git2020062409.85fcf1057-0ubuntu1~cloud0
---------------
cinder (2:17.0.0~b1~git2020062409.85fcf1057-0ubuntu1~cloud0) focal-victoria;
urgency=medium
.
* New upstream release for the Ubuntu Cloud Archive.
.
cinder (2:17.0.0~b1~git2020062409.85fcf1057-0ubuntu1) groovy; urgency=medium
.
* SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
(LP: #1823200)
- Remove VxFlex OS credentials from connection_properties. Passwords are
now stored in separate file and are retrieved during each attach/detach
operation. Cinder is patched in 16.1.0 stable point release.
- d/control: Align (Build-)Depends with min version of python3-os-brick
required to fix credential exposure.
- CVE-2020-10755
* New upstream snapshot for OpenStack Victoria.
* d/control: Align (Build-)Depends with upstream.
* d/p/py38skip.patch: Dropped. No longer needed.
* d/p/skip-victoria-failures.patch: Rebased and updated with upstream bug.
.
cinder (2:16.0.0-0ubuntu2) groovy; urgency=medium
.
* d/p/skip-victoria-failures.patch: Temporarily skipping groovy
failures to unblock Ussuri.
.
cinder (2:16.0.0-0ubuntu1) groovy; urgency=medium
.
* d/watch: Update tarball version.
* d/p/py38skip.patch: Refresh patch.
* New upstream release for OpenStack Ussuri (LP: #1877642).
* d/p/monkey-patch-original-current-thread.patch: Removed as it is
merged into rc3 upstream.
** Changed in: cloud-archive
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1823200
Title:
Improper handling of ScaleIO backend credentials
To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1823200/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
