Re: https://bugs.debian.org/1024932 ceph-base: ceph to root privilege escalation via ceph-crash.service CVE-2022-3650

To: Thomas Goirand <zigo@debian.org>
Cc: debian-lts@lists.debian.org
Subject: Re: https://bugs.debian.org/1024932 ceph-base: ceph to root privilege escalation via ceph-crash.service CVE-2022-3650
From: Utkarsh Gupta <guptautkarsh2102@gmail.com>
Date: Sun, 4 Dec 2022 20:53:30 +0530
Message-id: <[🔎] CAPP0f97hsOP6DXyYVK9HsRfpL=HObt9jZrHqezV0E7cZpNCeEQ@mail.gmail.com>
In-reply-to: <7cb574fb-439d-2b00-e242-05c8268f80d1@debian.org>
References: <7cb574fb-439d-2b00-e242-05c8268f80d1@debian.org>

Hi Thomas,

On Wed, Nov 30, 2022 at 7:17 PM Thomas Goirand <zigo@debian.org> wrote:
> The patch is kind of trivial Python stuff backporting work. Can someone
> take care of it in Buster? I'm currently building the Bullseye backport
> of the fix...

The LTS time is trying to reduce the queue and a big piece of that
work is clearing packages that have a lot of CVEs piled up.

There are about 15 CVEs affecting ceph in buster at the moment, which
makes the next update a big one. I am happy to work on that if you'll
have some time to review and test the update. Let me know if that's
something you could do. Thanks!

- u

Reply to:

Prev by Date: Re: https://bugs.debian.org/1024932 ceph-base: ceph to root privilege escalation via ceph-crash.service CVE-2022-3650
Next by Date: Re: [Pkg-clamav-devel] Clamav Package
Previous by thread: Re: https://bugs.debian.org/1024932 ceph-base: ceph to root privilege escalation via ceph-crash.service CVE-2022-3650
Next by thread: Re: [Pkg-clamav-devel] Clamav Package
Index(es):
- Date
- Thread