Your message dated Mon, 08 Jun 2026 20:20:15 +0000
with message-id <[email protected]>
and subject line Bug#1126573: fixed in ceph 18.2.7+ds-1+deb13u1
has caused the Debian Bug report #1126573,
regarding ceph: CVE-2024-31884
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1126573: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126573
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ceph
Version: 18.2.7+ds-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/ceph/ceph/pull/66142
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for ceph.
CVE-2024-31884[0]:
| Incorrect usage of certificate checking via Pybind use
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-31884
https://www.cve.org/CVERecord?id=CVE-2024-31884
[1] https://github.com/ceph/ceph/pull/66142
[2] https://github.com/ceph/ceph/security/advisories/GHSA-xj9f-7g59-m4jxo
[3] https://github.com/ceph/ceph/commit/5081933c9a0068fe9deba4fca2d943bda3168518
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ceph
Source-Version: 18.2.7+ds-1+deb13u1
Done: Salvatore Bonaccorso <[email protected]>
We believe that the bug you reported is fixed in the latest version of
ceph, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated ceph package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 10 May 2026 21:17:37 +0200
Source: ceph
Architecture: source
Version: 18.2.7+ds-1+deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Ceph Packaging Team <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1120797 1126573
Changes:
ceph (18.2.7+ds-1+deb13u1) trixie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* mgr/alerts: enforce ssl context to SMTP_SSL (CVE-2024-31884)
(Closes: #1126573)
* Check if `HTTP_X_AMZ_COPY_SOURCE` header is empty (CVE-2024-47866)
(Closes: #1120797)
Checksums-Sha1:
50da72bc51258f76a8a47ee834a203364ba38677 8870 ceph_18.2.7+ds-1+deb13u1.dsc
452fe1267ab61f81bf3d4111767964dd8a44a57a 148306992 ceph_18.2.7+ds.orig.tar.xz
479a26deb7955855b0c412a4b70d3a3c5424ded5 141944
ceph_18.2.7+ds-1+deb13u1.debian.tar.xz
d11130885dfc400cdb3ddd31eeb04982a3876795 8045
ceph_18.2.7+ds-1+deb13u1_source.buildinfo
Checksums-Sha256:
97a25e3d292c8004e5b7e98307d3f178583f61e5840354638b420a12114b5e8d 8870
ceph_18.2.7+ds-1+deb13u1.dsc
71c0795fa0d6312ec7b57dee4031559b7e62e086a78e6ae1ad8549e0b351e28f 148306992
ceph_18.2.7+ds.orig.tar.xz
968e551356cb2ee212da405409b32f61545d9e43306fca5a0a1e5d2988c2844f 141944
ceph_18.2.7+ds-1+deb13u1.debian.tar.xz
7a9beb522c890179dfb98400372478cbcb785ac74558267fe56a8e024d10c5d1 8045
ceph_18.2.7+ds-1+deb13u1_source.buildinfo
Files:
ee9a9467628342aa95f5890ef466078b 8870 admin optional
ceph_18.2.7+ds-1+deb13u1.dsc
2788cb630bf061763d893e4fea8c23a0 148306992 admin optional
ceph_18.2.7+ds.orig.tar.xz
f4e74b2970c6bcf95bff30edbf5ca06d 141944 admin optional
ceph_18.2.7+ds-1+deb13u1.debian.tar.xz
2123d25828edb4450022730feae7b509 8045 admin optional
ceph_18.2.7+ds-1+deb13u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmoJziNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EqoIP/RZbkNPMzW8T+9eNNvv4rMzIPmuGN+Z0
ZAv/xAPEuwTb6cjKnARIIwqmyagdRHQIlN4Za2k6vfYPA+VHfMIMqVjwvDiZgmsh
HUh8wh9WBjmgawWnucONXf4ssuUIISZ/SK75AhQzkFHIX575djir3OdMz5DWLMet
YJBxP1m9Vgp+3jTyQ+Oq7ZZZf5i7Zlm9JrFfU/R2+Hw3yVRG/kXuTN1kvBHSI2hK
qlkX11wKmoMxtcp6hfv2KzOS49UWh40vf+145Bxf3yzq0ijmBlfpDRAQbOWfW9eC
Z1iB+8jSFxi3wa5bX3eWMqIgmddp9EzODo7fr6Je5gSBlGXXahwxUY71YFdSWmQw
Z+rILxBujYTStpHgcd5DRiPuOUTDis7d6uExOZXkIa4QPP7zIiTebCU7IbQK/Dwp
gXYRUzHMlaAn8EVE3DIkepmbvhCrGS8to+z4JEsWofGRpHY3VnJ6ym4KVfiJ36z1
dynGKsEZyDFd8F5VdUuWVamtPvrDv0FbAfxOY9lxbfXMR9wwjNGwm9SZtCbux0Iu
jdHDQv3gFYL82wlKaMQ0GtL+51Q/7D5WpxfKwJVPgR4pGVnu203JqxfeVhuDyhkO
gHbtXH4bMV+xVkpmIwkSkeKkFNUG2crDscXVWfHEefhN9emJ1mzlj4gm5EPUbW2Y
gVqIwVG1sJVh
=TGrf
-----END PGP SIGNATURE-----
pgpmjKNbH_x8R.pgp
Description: PGP signature
--- End Message ---
