[ubuntu-cloud-archive/ussuri-proposed] tcmu (Accepted)
Corey Bryant
corey.bryant at canonical.com
Wed Feb 10 14:21:54 UTC 2021
tcmu (1.5.2-5ubuntu0.20.04.1~cloud0) bionic-ussuri; urgency=medium
.
* New update for the Ubuntu Cloud Archive.
.
tcmu (1.5.2-5ubuntu0.20.04.1) focal-security; urgency=medium
.
* SECURITY UPDATE: Access control bypass vulnerability
- debian/patches/CVE-2021-3139_1.patch: fail cross-device XCOPY requests.
- debian/patches/CVE-2021-3139_2.patch: fail XCOPY requests with inline
data.
- debian/patches/CVE-2021-3139_3.patch: don't assume two XCOPY CSCDs.
- debian/patches/CVE-2021-3139_4.patch: error if both src/dst_dev are unset
after CSCD.
- CVE-2021-3139
Date: Wed, 27 Jan 2021 20:37:35 +0000
Changed-By: Openstack Ubuntu Testing Bot <openstack-testing-bot at ubuntu.com>
Signed-By: Openstack Ubuntu Testing Bot
Published-By: Corey Bryant <corey.bryant at canonical.com>
More information about the Cloud-archive-changes
mailing list