Bug#985885: unblock: ceph/14.2.18-1 (CVE-2020-27839)

To: Thomas Goirand <zigo@debian.org>, 985885@bugs.debian.org
Subject: Bug#985885: unblock: ceph/14.2.18-1 (CVE-2020-27839)
From: Sebastian Ramacher <sramacher@debian.org>
Date: Thu, 25 Mar 2021 12:41:24 +0100
Message-id: <[🔎] YFx25NwS1k0aaKvt@ramacher.at>
Reply-to: Sebastian Ramacher <sramacher@debian.org>, 985885@bugs.debian.org
In-reply-to: <[🔎] 161667077153.30754.7619539161221538193.reportbug@zbuz.infomaniak.ch>
References: <[🔎] 161667077153.30754.7619539161221538193.reportbug@zbuz.infomaniak.ch> <[🔎] 161667077153.30754.7619539161221538193.reportbug@zbuz.infomaniak.ch>

Control: tags -1 moreinfo

On 2021-03-25 12:12:51 +0100, Thomas Goirand wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package ceph
> 
> This is the point release of the 14.2.x series from upstream, which includes a
> fix for CVE-2020-27839 (XSS in the dashboard). I didn't even atempted to build
> a debdiff, considering the size of the orig.tar.gz (ie: 124 MB), so I'm not
> attaching it, though as it's still the stable branch, it contains only
> bugfixes.

 526 files changed, 8568 insertions(+), 2246 deletions(-)

I understand that it's important to get that CVE fixed in bullseye, but
that's simply to much to blindly accept. Please provide a filtered
debdiff with an explanation on the other changes that are also included
in this release.

Cheers
-- 
Sebastian Ramacher

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Bug#985885: unblock: ceph/14.2.18-1 (CVE-2020-27839)
  - From: Thomas Goirand <zigo@debian.org>

Prev by Date: Bug#985885: unblock: ceph/14.2.18-1 (CVE-2020-27839)
Next by Date: Processed: Re: Bug#985885: unblock: ceph/14.2.18-1 (CVE-2020-27839)
Previous by thread: Bug#985885: unblock: ceph/14.2.18-1 (CVE-2020-27839)
Next by thread: Processed: Re: Bug#985885: unblock: ceph/14.2.18-1 (CVE-2020-27839)
Index(es):
- Date
- Thread