Publishing details
-
Removed from disk
.
-
Removal requested
.
-
Deleted
by Marc Deslauriers
-
Published
Changelog
ceph (12.2.13-0ubuntu0.18.04.4) bionic-security; urgency=medium
* SECURITY UPDATE: XSS attacks
- debian/patches/CVE-2020-1760-1.patch: reject unauthenticated
response-header actions in src/rgw/rgw_rest_s3.cc.
- debian/patches/CVE-2020-1760-2.patch: change EPERM to
ERR_INVALID_REQUEST in src/rgw/rgw_rest_s3.cc.
- debian/patches/CVE-2020-1760-3.patch: reject control characters in
response-header actions in src/rgw/rgw_rest_s3.cc.
- CVE-2020-1760
* SECURITY UPDATE: HTTP header injection
- debian/patches/CVE-2020-10753.patch: sanitize newlines in
src/rgw/rgw_cors.cc.
- CVE-2020-10753
* SECURITY UPDATE: DoS via invalid tagging XML
- debian/patches/CVE-2020-12059.patch: check for tagging element in
src/rgw/rgw_rest_s3.cc.
- CVE-2020-12059
-- Marc Deslauriers <email address hidden> Wed, 09 Sep 2020 08:51:41 -0400
Builds
Package files