Re: https://bugs.debian.org/1024932 ceph-base: ceph to root privilege escalation via ceph-crash.service CVE-2022-3650
Hi Thomas,
On Wed, Nov 30, 2022 at 7:17 PM Thomas Goirand <zigo@debian.org> wrote:
> The patch is kind of trivial Python stuff backporting work. Can someone
> take care of it in Buster? I'm currently building the Bullseye backport
> of the fix...
The LTS time is trying to reduce the queue and a big piece of that
work is clearing packages that have a lot of CVEs piled up.
There are about 15 CVEs affecting ceph in buster at the moment, which
makes the next update a big one. I am happy to work on that if you'll
have some time to review and test the update. Let me know if that's
something you could do. Thanks!
- u
Reply to: