Comment 6 for bug 1929179

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ceph - 15.2.12-0ubuntu0.20.04.1

---------------
ceph (15.2.12-0ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: New upstream release (LP: #1929179):
    - CVE-2021-3509: Dashboard XSS via token cookie.
    - CVE-2021-3531: Swift API denial of service.
    - CVE-2021-3531: HTTP header injects via CORS in RGW.

 -- James Page <email address hidden> Mon, 24 May 2021 16:07:20 +0100