[ubuntu/resolute-proposed] ceph 20.2.0-0ubuntu2 (Accepted)

Shafayat Hossain Majumder shafayat.majumder at canonical.com
Tue Mar 17 12:26:12 UTC 2026 

ceph (20.2.0-0ubuntu2) resolute; urgency=medium

  * SECURITY UPDATE: Improper certificate checking via Pybind
    - debian/patches/CVE-2024-31884.patch: Enforce ssl context validation to
      SMTP_SSL in src/pybind/mgr/alerts/module.py
    - CVE-2024-31884
  * SECURITY UPDATE: Denial of service by passing empty header argument
    - debian/patches/CVE-2024-47866.patch: Ensure `HTTP_X_AMZ_COPY_SOURCE`
      header is empty in src/rgw/rgw_op.cc
    - CVE-2024-47866

Date: Fri, 13 Mar 2026 13:24:53 -0400
Changed-By: Shafayat Hossain Majumder <shafayat.majumder at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/ceph/20.2.0-0ubuntu2
-------------- next part --------------
Format: 1.8
Date: Fri, 13 Mar 2026 13:24:53 -0400
Source: ceph
Built-For-Profiles: derivative.ubuntu noudeb
Architecture: source
Version: 20.2.0-0ubuntu2
Distribution: resolute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Shafayat Hossain Majumder <shafayat.majumder at canonical.com>
Changes:
 ceph (20.2.0-0ubuntu2) resolute; urgency=medium
 .
   * SECURITY UPDATE: Improper certificate checking via Pybind
     - debian/patches/CVE-2024-31884.patch: Enforce ssl context validation to
       SMTP_SSL in src/pybind/mgr/alerts/module.py
     - CVE-2024-31884
   * SECURITY UPDATE: Denial of service by passing empty header argument
     - debian/patches/CVE-2024-47866.patch: Ensure `HTTP_X_AMZ_COPY_SOURCE`
       header is empty in src/rgw/rgw_op.cc
     - CVE-2024-47866
Checksums-Sha1:
 ee523912cdfb5d03b4fc4433d7bfb1b44835396d 7293 ceph_20.2.0-0ubuntu2.dsc
 1c1a9c4d6de1f215330b9d16ca00811348262e65 136832 ceph_20.2.0-0ubuntu2.debian.tar.xz
 8f387d0b3f129e8baf22fd6f7967e9a5aecd3ea7 25165 ceph_20.2.0-0ubuntu2_source.buildinfo
Checksums-Sha256:
 fc0aa9ebfb0e8d37b585b2b78cdcf92405436541574fc0624a426f8997ee987c 7293 ceph_20.2.0-0ubuntu2.dsc
 5464614b6a5db3abe762c5d191f023e9389bb2469c5e89df7e4f46dbe9a918ec 136832 ceph_20.2.0-0ubuntu2.debian.tar.xz
 df06fb8f6f7603876f0285d5f9f7f88b7125a6a8c822f1781ad048e65ba50797 25165 ceph_20.2.0-0ubuntu2_source.buildinfo
Files:
 cf703f9256b9baebb2d303c1f825bd06 7293 admin optional ceph_20.2.0-0ubuntu2.dsc
 c0773596ae8287d455f276c9db70a10b 136832 admin optional ceph_20.2.0-0ubuntu2.debian.tar.xz
 2f96cbfce3f56f58c7e721d25419816a 25165 admin optional ceph_20.2.0-0ubuntu2_source.buildinfo
Original-Maintainer: Ceph Packaging Team <team+ceph at tracker.debian.org>

More information about the Resolute-changes mailing list