Comment 96 for bug 1823200

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cinder - 2:12.0.9-0ubuntu1.2

---------------
cinder (2:12.0.9-0ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
    (LP: #1823200)
    - debian/patches/CVE-2020-10755.patch: Remove VxFlex OS credentials
      from connection_properties. Passwords are now stored in separate file
      and are retrieved during each attach/detach operation.
    - d/control: Align (Build-)Depends with min version of python3-os-brick
      required to fix credential exposure.
    - CVE-2020-10755

 -- Corey Bryant <email address hidden> Tue, 23 Jun 2020 15:58:12 -0400