On 3/21/21 7:59 PM, Moritz Muehlenhoff wrote: > Package: ceph > Severity: important > Tags: security > X-Debbugs-Cc: Debian Security Team <t...@security.debian.org> > > CVE-2020-27781 > https://bugs.launchpad.net/manila/+bug/1904015 > https://bugzilla.redhat.com/show_bug.cgi?id=1900109 > https://github.com/ceph/ceph/commit/1b8a634fdcd94dfb3ba650793fb1b6d09af65e05 > (octopus) > https://github.com/ceph/ceph/commit/7e3e4e73783a98bb07ab399438eb3aab41a6fc8b > (nautilus) > https://github.com/ceph/ceph/commit/956ceb853a58f6b6847b31fac34f2f0228a70579 > (luminous) > > CVE-2020-27839 > https://tracker.ceph.com/issues/44591 > https://github.com/ceph/ceph/pull/38259 > https://github.com/ceph/ceph/commit/23f2604d6f9ac16779b4ac43aab6e4e434f2e8ec > > Cheers, > Moritz >
Hi Moritz, To me, these issues were fixed in 14.2.16, which is already in unstable/bullseye, and aslo in Buster backports. It matches what I have in memory (but I'm not 100% sure). I tried applying the above patches, and that's how it felt too. Am I right? Cheers, Thomas Goirand (zigo)
