summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2021-06-02 07:38:59 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2021-06-02 07:38:59 +0000
commit857f1c1b660b7fc35c195d1a796feed214a03af1 (patch)
tree54051c39383d6acd48628fd0ebaa92e2cd5bc0cd
parentMerging upstream version 14.2.21. (diff)
downloadceph-857f1c1b660b7fc35c195d1a796feed214a03af1.tar.xz
ceph-857f1c1b660b7fc35c195d1a796feed214a03af1.zip
Merging debian version 14.2.21-1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/changelog10
1 files changed, 10 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 72326d25..659500a8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+ceph (14.2.21-1) unstable; urgency=high
+
+ * New upstream release, resolving these:
+ - CVE-2021-3509: Cross Site Scripting via token Cookie (Closes: #988888).
+ - CVE-2021-3524: injection of HTTP headers via a CORS ExposeHeader tag in
+ the Ceph Storage RadosGW (Closes: #988889).
+ - CVE-2021-3531: RadosGW denial of service (crash) (Closes: #988890).
+
+ -- Thomas Goirand <zigo@debian.org> Thu, 27 May 2021 12:04:21 +0200
+
ceph (14.2.20-2~progress5+u1) engywuck-backports; urgency=medium
* Uploading to engywuck-backports, remaining changes: