Hi Thomas,

On Mon, Oct 09, 2023 at 05:53:29PM +0200, Thomas Goirand wrote:
> On 10/8/23 21:58, Salvatore Bonaccorso wrote:
> > Source: ceph
> > Version: 16.2.11+ds-4
> > Severity: important
> > Tags: security upstream
> > Forwarded: https://github.com/ceph/ceph/pull/53714
> > X-Debbugs-Cc: car...@debian.org, Debian Security Team
> > <t...@security.debian.org>
> >
> > Hi,
> >
> > The following vulnerability was published for ceph.
> >
> > CVE-2023-43040[0]:
> > | Improperly verified POST keys
> >
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> > For further information see:
> >
> > [0] https://security-tracker.debian.org/tracker/CVE-2023-43040
> >     https://www.cve.org/CVERecord?id=CVE-2023-43040
> > [1] https://www.openwall.com/lists/oss-security/2023/09/26/10
> > [2] https://github.com/ceph/ceph/pull/53714
> >
> > Please adjust the affected versions in the BTS as needed.
> >
> > Regards,
> > Salvatore
>
> Hi Salvatore,
>
> Do you think this deserves a DSA, or should I deal with the stable release
> team?
>
> FYI, Sid is fixed, and I built already the update for bookworm (but didn't
> upload as I need your input as per above).

Sorry for the late reply (due to various reasons).

No, the issue does not warrant a DSA and might be fixed in the next point
releases (if so that would be very welcome!).

Regards,
Salvatore