Your message dated Sat, 18 Jan 2020 18:39:31 +0000
with message-id <e1ist0n-000ajj...@fasolo.debian.org>
and subject line Bug#949206: fixed in ceph 14.2.6-3
has caused the Debian Bug report #949206,
regarding ceph: CVE-2020-1699: improper URL checking might expose sensitive
information
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
949206: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949206
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ceph
Version: 14.2.6-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://tracker.ceph.com/issues/41320
Control: found -1 14.2.6-2
Hi,
The following vulnerability was published for ceph.
CVE-2020-1699[0]:
| improper URL checking leads to information disclosure
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-1699
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1699
[1] https://tracker.ceph.com/issues/41320
[2] https://github.com/ceph/ceph/commit/0443e40c11280ba3b7efcba61522afa70c4f8158
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ceph
Source-Version: 14.2.6-3
We believe that the bug you reported is fixed in the latest version of
ceph, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 949...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bernd Zeimetz <b...@debian.org> (supplier of updated ceph package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 18 Jan 2020 19:11:22 +0100
Source: ceph
Architecture: source
Version: 14.2.6-3
Distribution: experimental
Urgency: high
Maintainer: Ceph Packaging Team <team+c...@tracker.debian.org>
Changed-By: Bernd Zeimetz <b...@debian.org>
Closes: 948722 949206
Changes:
 ceph (14.2.6-3) experimental; urgency=high
 .
   * Uploading to unstable, including changes to make ceph
     build on mipsel again (Closes: #948722).
   * [1bac6f0] mgr/dashboard: fix improper URL checking.
     This change disables up-level references beyond the HTTP base directory.
     [CVE-2020-1699]
     Upstream commit 0443e40c11280ba3b7efcba61522afa70c4f8158
     Thanks to Salvatore Bonaccorso (Closes: #949206)
   * [720ce76] Updating changelog (from experimental)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---