Comment 8 for bug 1904015

Revision history for this message
Goutham Pacha Ravi (gouthamr) wrote :

Hello all,

Thank you for your patience with this issue. This morning, we finished our embargo period on this bug. MITRE will be notified about the patch submissions to the Ceph project - at which point the CVE page [1] will be available publicly. These are the associated patch links:

Ceph Octopus:
Ceph Nautilus:
Ceph Luminous:

You will see these show up in releases of Ceph Octopus and Ceph Nautilus. The patch to Luminous has been provided for courtesy, the ceph community no longer produces updates for that release. Please see the Ceph Release Guide for more information on the Ceph release train [2].

I'm now converting this bug to "Public", and since there are no changes to OpenStack Manila code that are necessary, you will see me publishing a security note to the mailing lists with details about this vulnerability and recommendations.

The OpenStack Security Note is under review here: