Source: ceph Version: 0.80.7-2 Severity: important Tags: security upstream Forwarded: http://tracker.ceph.com/issues/13207
Hi, the following vulnerability was published for ceph. CVE-2016-7031[0]: rgw: Anonymous user is able to read bucket with authenticated read ACL If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-7031 Please adjust the affected versions in the BTS as needed. From looking at the code ceph seems affected, but I'm not too familiar with it to fully understand. It looks as well not important enought to need a DSA, so if then it could be fixed via point release, IMHO. Let us know your toughts. Regards, Salvatore
