Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <>
Subject: Accepted ceph 16.2.15+ds-0+deb12u2 (source) into oldstable-security
Date: Wed, 03 Jun 2026 20:58:52 +0000
Signed by: Salvatore Bonaccorso <carnil@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 16 May 2026 14:52:24 +0200
Source: ceph
Architecture: source
Version: 16.2.15+ds-0+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: Ceph Packaging Team <team+ceph@tracker.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1108410 1120797 1126573
Changes:
 ceph (16.2.15+ds-0+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * mgr/alerts: enforce ssl context to SMTP_SSL (CVE-2024-31884)
     (Closes: #1126573)
   * Check if `HTTP_X_AMZ_COPY_SOURCE` header is empty (CVE-2024-47866)
     (Closes: #1120797)
   * client: disallow unprivileged users to escalate root privileges
     (CVE-2025-52555) (Closes: #1108410)
   * client: prohibit unprivileged users from setting sgid/suid bits
Checksums-Sha1:
 fd4bb40347a386f856859029fe32d4af1bfc21c5 8303 ceph_16.2.15+ds-0+deb12u2.dsc
 64dcd07cfa5a90f442fecbaf00f0d80b1e5fb128 122268 ceph_16.2.15+ds-0+deb12u2.debian.tar.xz
 d88337c5765145b9f063e563802b64261517c8cb 7447 ceph_16.2.15+ds-0+deb12u2_source.buildinfo
Checksums-Sha256:
 665b3d321903f15aaacfd628f4532a2c0a8cd3632edfb248c43c4b9c7f084fb6 8303 ceph_16.2.15+ds-0+deb12u2.dsc
 f7bfc23cb70b8567b1b21bcedbcfb963029b13ccd3a598dd967db0d4774da3aa 122268 ceph_16.2.15+ds-0+deb12u2.debian.tar.xz
 ce51201e620bda42ad90c84a6e1e7d9c045eba3decd19bb59f7434e98179ca56 7447 ceph_16.2.15+ds-0+deb12u2_source.buildinfo
Files:
 b36ef720fa43aa291df017055749a482 8303 admin optional ceph_16.2.15+ds-0+deb12u2.dsc
 664c96964795d2a44890db041d167214 122268 admin optional ceph_16.2.15+ds-0+deb12u2.debian.tar.xz
 19e95a9582572847a02fc20e988c6bf9 7447 admin optional ceph_16.2.15+ds-0+deb12u2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmoJzk9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EmBwQAJX33+4rmUC042IIBgMmmR4yCapG9cJc
1h3YLJO+mmptfwP0svgDPEQIlv23NB1j3EigznpAadiDy9cYUNmcC0lEiLf/eNTS
LYCivlI+znqv60elQ4vJQ6/eHBMvRBLeL9QIPcDc3HAPscq1HeE0vcIIdQOw93dz
bspeoV1A7W0TKjZlBBnkWhY25UGtqc5hpic31kQAaeWxLE4NA11v5OvKti+ll36f
NpKfkc1AQoDURQAvHmfP8nKdqQF013VmhwlLYlJe0bZEfrUIZW09h6Z1rSua7i+W
H07MhVnqrip/D1TuImqNkdFsPkMNmzz0MIuoJf/SkOQN+PmA46OYblPTXzirL4xM
xtoOofgEhavlJz6o8XBdyeKKKikvMROHdjyTV9Jypyd+q6YOE7Wag/isnvdH0OeK
9ELdG+HDleZN2RamRuA4Vhu3zrifZ3nobGkyPUgcQxIGutGe7nPvIsPXOgV2yBdz
7p8lVwMcp+dlz4EjvtKrsxXqDooasI/hQJH4MwzH9Im7lhnKUxv6F8kVrhAH7rL0
ealVKPgZ/vHe3yGjvbwnzf6DRSioRZnWUIRdq0fEjQi/urkuyhZ2w9Wjsb0BtfVu
VRNh1QJ6fQ03ynJDIaW6iPRi0hpRafoIbU6luNHX78w5330fV1HfOw6EijTDKSWr
G3gF4vEDQZht
=BTqN
-----END PGP SIGNATURE-----
News for package ceph
