Your message dated Wed, 04 Dec 2024 03:55:09 +0000
with message-id <e1tigtl-009781...@fasolo.debian.org>
and subject line Bug#1088993: fixed in ceph 18.2.4+ds-11
has caused the Debian Bug report #1088993,
regarding ceph: CVE-2024-48916: Authentication bypass in CEPH RadosGW
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1088993: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088993
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ceph
Version: 18.2.4+ds-10
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://tracker.ceph.com/issues/68836
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for ceph.
CVE-2024-48916[0]:
Authentication bypass in CEPH RadosGW
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-48916
https://www.cve.org/CVERecord?id=CVE-2024-48916
[1] https://tracker.ceph.com/issues/68836
[2] https://bugzilla.redhat.com/show_bug.cgi?id=2329846
[3] https://github.com/ceph/ceph/pull/60624
Please adjust the affected versions in the BTS as needed.
Regards,
Salvtore
--- End Message ---
--- Begin Message ---
Source: ceph
Source-Version: 18.2.4+ds-11
Done: Daniel Baumann <dan...@debian.org>
We believe that the bug you reported is fixed in the latest version of
ceph, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1088...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Baumann <dan...@debian.org> (supplier of updated ceph package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 04 Dec 2024 04:05:10 +0100
Source: ceph
Architecture: source
Version: 18.2.4+ds-11
Distribution: unstable
Urgency: medium
Maintainer: Ceph Packaging Team <team+c...@tracker.debian.org>
Changed-By: Daniel Baumann <dan...@debian.org>
Closes: 1088993
Changes:
ceph (18.2.4+ds-11) unstable; urgency=medium
.
* Cherry-picking patch from upstream to fix authentication bypass in rgw
(Closes: #1088993) [CVE-2024-48916].
Checksums-Sha1:
053dcdee4bac63b009e8d18fe02617012c35c582 8689 ceph_18.2.4+ds-11.dsc
8f21bc62519df1fd77e22dc38291590662e413e8 135488 ceph_18.2.4+ds-11.debian.tar.xz
dd35d7af551c59db6dc757a57a4ecfa950652ebe 46340
ceph_18.2.4+ds-11_amd64.buildinfo
Checksums-Sha256:
04d78af765e8bbc115e46cd6be847cd9a0f3007db61711deb7e98fd23e01f607 8689
ceph_18.2.4+ds-11.dsc
e254aaad0150eac80dd50bca9d79719c7f29ff66ae63046dd698b03b21859266 135488
ceph_18.2.4+ds-11.debian.tar.xz
88fad3c12ef20bf5da29a305c3a687cceee7ef0577deb449a132f7657e78f1e7 46340
ceph_18.2.4+ds-11_amd64.buildinfo
Files:
3bd5301bcc67ef8d7c723e563b904ede 8689 admin optional ceph_18.2.4+ds-11.dsc
9557d8f4832e2413aec1c258fb1f2a6c 135488 admin optional
ceph_18.2.4+ds-11.debian.tar.xz
4fe4daadc34387d81e134406b4c5f913 46340 admin optional
ceph_18.2.4+ds-11_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEgTbtJcfWfpLHSkKSVc8b+YaruccFAmdPzh8ACgkQVc8b+Yar
ucf1Zg//WvxYnS8CB4SPDWInB9sIolbfao2l9AQgjdXk2uMkhar/kSIn7VcoBimA
CM86wyH81FRQbWYxTFogluCMRL7FPXQSXhKPCNMcK5pcgH164keftvXOHhrqax1u
XtLEUhkqn5oSAkKDLj2AO7djg4auZAkQATiTMe7+eArSPqRU/TwHrSlQ9hz0col+
5bTFgvxB7vv/va2RQmhvDmEpwqed0g1gXkA5Peoro+/zMTzaULMMMCMdy5Opeliz
1zPVa82K8+uOHP+U8gofLB7fn4iyT027lxQRjFQ4ZgZ2BmoaNSYAPU6rKqDCd5tz
M4Q/zaSCDtmTHONkNxG6mZzRFroHyMwP0kmLWXEH0S3+hNG0lJEQVQoLoJP81YMG
l1uCsPjhg7Q8P1yzwvOxdtWz7vk1W+kALOA66ZBWEgiN5daMu3DefGcgWNuJUw8M
v/tS5WX+UiTR986bTHv7z0WAuk4oKL9XhTozI8BSW/7nd0On+9NVYje87zyxViB8
Qbt8gkPomDOKu4rGth47C/MXttbwJh6zkbQu27cutg+7yeqgz3cTMltdU38SkkRk
pzc3d8TcKqQ6bA+6V4cXyUrb74DK5DhcUa/DFJg/TUFEQlwpkOnri1NPBokO+xtg
y66Dc1PqLN3MeeZwtmbInXeduzGh1fLjRn4wd3FCfY5UrP9KF9o=
=QzDx
-----END PGP SIGNATURE-----
pgpQ4rl2MiJk2.pgp
Description: PGP signature
--- End Message ---
