Bug 27244

Summary: ceph has security issues
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Chris Denice <eatdirt>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: ceph CVE:
Status comment:

Description David Walser 2020-09-04 17:57:12 CEST 
Chris, similar to Bug 26362 for slurm, you've imported ceph late in the release cycle and we haven't been tracking security bugs since it has been dropped.  Just looking back through this year's advisories, I find the following issues.  Please keep up with this package's security issues in the future.

CVE-2020-10753
https://www.openwall.com/lists/oss-security/2020/06/25/5
https://lists.opensuse.org/opensuse-security-announce/2020-06/msg00062.html
https://access.redhat.com/errata/RHSA-2020:3505
https://access.redhat.com/errata/RHSA-2020:3504
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFU7LXEL2UZE565FJBTY7UGH2O7ZUBVS/
CVE-2020-10736
https://www.openwall.com/lists/oss-security/2020/05/19/1
CVE-2020-12059
https://lists.suse.com/pipermail/sle-security-updates/2020-April/006768.html
CVE-2020-1760
https://www.openwall.com/lists/oss-security/2020/04/07/1
https://www.debian.org/lts/security/2020/dla-2171
https://access.redhat.com/errata/RHSA-2020:3003
CVE-2020-1759
https://www.openwall.com/lists/oss-security/2020/04/07/2
https://lists.opensuse.org/opensuse-security-announce/2020-04/msg00013.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/
CVE-2020-1716
https://access.redhat.com/errata/RHSA-2020:2231
CVE-2020-1700
https://www.openwall.com/lists/oss-security/2020/01/31/2
https://ubuntu.com/security/notices/USN-4304-1
CVE-2020-1699
https://lists.opensuse.org/opensuse-security-announce/2020-02/msg00009.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/
Comment 1 Chris Denice 2020-09-07 20:10:37 CEST 
Going through the list, I see that the fixes have been all pushed to our version 15.2.4, but others will come for sure.

I am closing for the time being then.

Resolution: (none) => FIXED
Status: NEW => RESOLVED