Ubuntu
cinder package

  1. Focal (20.04)
  2. Bug #1823200
  3. Comment #95

Comment 95 for bug 1823200

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cinder - 2:16.1.0-0ubuntu1

---------------
cinder (2:16.1.0-0ubuntu1) focal-security; urgency=medium

  [ Chris MacNaughton ]
  * New stable point release for OpenStack Ussuri (LP: #1883879).

  [ Corey Bryant ]
  * SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
    (LP: #1823200)
    - Remove VxFlex OS credentials from connection_properties. Passwords are
      now stored in separate file and are retrieved during each attach/detach
      operation. Cinder is patched in 16.1.0 stable point release.
    - d/control: Align (Build-)Depends with min version of python3-os-brick
      required to fix credential exposure.
    - CVE-2020-10755

 -- Corey Bryant <email address hidden> Tue, 23 Jun 2020 16:52:33 -0400