Cinder

  1. Series rocky
  2. Bug #1823200
  3. Comment #112

Comment 112 for bug 1823200

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package cinder - 2:13.0.9-0ubuntu1~cloud1.1
---------------

 cinder (2:13.0.9-0ubuntu1~cloud1.1) bionic-rocky; urgency=medium
 .
   * SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
     (LP: #1823200)
     - debian/patches/CVE-2020-10755.patch: Remove VxFlex OS credentials
       from connection_properties. Passwords are now stored in separate file
       and are retrieved during each attach/detach operation.
     - d/control: Align (Build-)Depends with min version of python3-os-brick
       required to fix credential exposure.
     - CVE-2020-10755
   * d/control: Add python3-sqlalchemy-utils Build-Depends to enable successful
     test execution.