Re: https://bugs.debian.org/1024932 ceph-base: ceph to root privilege escalation via ceph-crash.service CVE-2022-3650

To: Thomas Goirand <zigo@debian.org>, debian-lts@lists.debian.org
Subject: Re: https://bugs.debian.org/1024932 ceph-base: ceph to root privilege escalation via ceph-crash.service CVE-2022-3650
From: Sylvain Beucler <beuc@beuc.net>
Date: Sat, 3 Dec 2022 17:16:16 +0100
Message-id: <[🔎] 2c960ec3-a3a3-a7bb-32f8-5124820fa4d0@beuc.net>
In-reply-to: <7cb574fb-439d-2b00-e242-05c8268f80d1@debian.org>
References: <7cb574fb-439d-2b00-e242-05c8268f80d1@debian.org>

Hi Thomas,

ceph was added about 1 month ago in the tasks list; I referenced yournote there:

https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9487a265227c3d4181511570bdf61889ce4c8e2

Cheers!
Sylvain Beucler
Debian LTS Team

On 30/11/2022 14:46, Thomas Goirand wrote:

The patch is kind of trivial Python stuff backporting work. Can someonetake care of it in Buster? I'm currently building the Bullseye backportof the fix...

Reply to:

Prev by Date: Re: Status of buster/armel
Next by Date: Re: https://bugs.debian.org/1024932 ceph-base: ceph to root privilege escalation via ceph-crash.service CVE-2022-3650
Previous by thread: Re: Status of buster/armel
Next by thread: Re: https://bugs.debian.org/1024932 ceph-base: ceph to root privilege escalation via ceph-crash.service CVE-2022-3650
Index(es):
- Date
- Thread