[Bug 1783706] Re: [MIR] oath-toolkit
Seth Arnold
1783706 at bugs.launchpad.net
Wed Oct 31 19:42:53 UTC 2018
On Wed, Oct 31, 2018 at 10:46:31AM -0000, James Page wrote:
> Right now we have a bit of a situation in that Ceph in bionic is 12.2.7
> and Ceph in the cosmic release pocket is 12.2.4 which creates issues
> with upgrades (bug 1800526) so we need to resolve this one way or the
> other fairly quickly.
>
> If there is not a path forward that involves use of oath-toolkit from
> Ceph, then we need to switch back to the 12.2.x series to resolve the
> current issues with upgrades whilst this is resolved.
Thanks for the detailed explanation, James.
I'll raise my concerns with oath-toolkit to the ceph security team.
Hopefully we can find a solution before 20.04 LTS.
Security team ACK on promoting liboath0 to main.
I'd really like to keep the other binary packages in universe. I know
this is a hassle. But I don't think we want this PAM module installed
by accident.
Thanks
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to oath-toolkit in Ubuntu.
https://bugs.launchpad.net/bugs/1783706
Title:
[MIR] oath-toolkit
Status in oath-toolkit package in Ubuntu:
New
Bug description:
[Availability]
In universe
[Rationale]
New dependency for ceph (radosgw)
[Security]
One CVE found:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7322
Resolved in versions in Ubuntu
[Quality assurance]
Upstream tests run as part of package build.
[Dependencies]
All in main
[Standards compliance]
Older style CDBS package but OK.
[Maintenance]
Two non-maintainer uploads in Debian; A new point release is available from 2016
ubuntu-openstack team in Ubuntu
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/oath-toolkit/+bug/1783706/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list