This bug was fixed in the package ceph - 15.2.12-0ubuntu0.20.10.1 --------------- ceph (15.2.12-0ubuntu0.20.10.1) groovy-security; urgency=medium
* SECURITY UPDATE: New upstream release (LP: #1929179): - CVE-2021-3509: Dashboard XSS via token cookie. - CVE-2021-3531: Swift API denial of service. - CVE-2021-3531: HTTP header injects via CORS in RGW. -- James Page <james.p...@ubuntu.com> Mon, 24 May 2021 16:05:29 +0100 ** Changed in: ceph (Ubuntu Groovy) Status: Triaged => Fix Released ** Changed in: ceph (Ubuntu Focal) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1929179 Title: [SRU] ceph 15.2.12 To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1929179/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs