-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 27 Jul 2022 09:30:47 +0200 Source: ceph Architecture: source Version: 16.2.10+ds-1 Distribution: unstable Urgency: high Maintainer: Ceph Packaging Team <team+ceph@tracker.debian.org> Changed-By: Thomas Goirand <zigo@debian.org> Closes: 1016069 Changes: ceph (16.2.10+ds-1) unstable; urgency=high . * New upstream hotfix release: - CVE-2022-0670: Users who were running OpenStack Manila to export native CephFS, who upgraded their Ceph cluster from Nautilus (or earlier) to a later major version, were vulnerable to an attack by malicious users (Closes: #1016069). - A regression made it possible to dereference a null pointer for for s3website requests that don’t refer to a bucket resulting in an RGW segfault. * Add fix-FTBFS-include-memory.h.patch to address FTBFS under GCC 12. Checksums-Sha1: 867dcd271fb80fda3e9dfb7f09fd2e2c4fbc8637 8176 ceph_16.2.10+ds-1.dsc e80d98af2de324ef3c547929200b880a46e1be4d 108636252 ceph_16.2.10+ds.orig.tar.xz cb38d83ddea5980fe76045476c6db791eadbb25c 117864 ceph_16.2.10+ds-1.debian.tar.xz ef081537159598e4dc294be041210131a1a6e68d 41581 ceph_16.2.10+ds-1_amd64.buildinfo Checksums-Sha256: 08af6897f9d540ba2dbd535ccfe3c5967742b5e45fdb411de08d2b588b9b2f46 8176 ceph_16.2.10+ds-1.dsc d7edf185fbfbc87d98c8a1a374588eb025d9abe29a349fb50988ca62974030b1 108636252 ceph_16.2.10+ds.orig.tar.xz 6d4263b6491044b0e6ec060378827179e87cf3508c015787d5b6a224521068f2 117864 ceph_16.2.10+ds-1.debian.tar.xz 298e9738945d39dca9124d932f030f2db615cd20613af9283f36dc52d9b1f99e 41581 ceph_16.2.10+ds-1_amd64.buildinfo Files: 97937fddc1d852c2c5ce1f89954dda59 8176 admin optional ceph_16.2.10+ds-1.dsc 8304132781a5930c33a59ac16968174e 108636252 admin optional ceph_16.2.10+ds.orig.tar.xz 2d831937c9c612129f9057c2302e3258 117864 admin optional ceph_16.2.10+ds-1.debian.tar.xz a35522f00651d1ac844322b919dfdebf 41581 admin optional ceph_16.2.10+ds-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmLhJ1sACgkQ1BatFaxr Q/7meA/9EjEOfxeoeKGLgUcxycpOKhJ8FTKZDOJW2nz63o5/8BT8/nopuD80+Ane n4ObvN0aKbrbBwvOgaf472/3yBO9PsIQFx+09oxMNqHkHJ1a/vUiuMcSniO+bDcB F22DR9GZ5QOQyD3xV6z0PAQGDRup7DT4J/+0LwqmSRIIl54tbZsVzOixlqvWqHnl vYuwemhrMLe43oCc/Fujr1a+vhzsMszPXxf3EiuvDXgEoTEJItq5pE+kcNeiiRMZ rirIVixiGSWTjlidEUCTV/WvwKDLTMBm69xWPwwM4idr7jREQW01r7ieCH12k/fO xlhSvJHaOhaZWnpKtWgaxXwYu3rOUWrgQ1LYwHdaIaSQ5exUuO8hhfQaxE9kR/ox NfXBA+ULPcfWAl/57KJPPOu3AE9i+zdtYDe2ki5O9YS+PImXs4rGtCTwfNUv6np1 AOZGEXjt9Q1/rQK0pXeh2Rd8mqBwAT9KqgaBwq4Xl2NfGiuOWdrmctuWNdz+Ri+/ dGDwmt2xB+laVneMUCZZwh6zEVgD/bXTYc2bJFlIzRW1MGeUxR4zxyGOJEfiu4UC DzvCY8WVjm0xJ/FkovqtqEX9DiC2VeSdvqV5djiLvv0itwEAoNIgTN6eGuxAcSxM GR9Y4rBJOJv/fBqFuH0cGaEM8vwWmEVgVyy4twaIjEcqiiNce0U= =EWVN -----END PGP SIGNATURE-----