[Bug 1883879] Re: [SRU] ussuri stable releases

Launchpad Bug Tracker 1883879 at bugs.launchpad.net
Tue Jul 7 14:11:36 UTC 2020 

This bug was fixed in the package cinder - 2:16.1.0-0ubuntu1

---------------
cinder (2:16.1.0-0ubuntu1) focal-security; urgency=medium

  [ Chris MacNaughton ]
  * New stable point release for OpenStack Ussuri (LP: #1883879).

  [ Corey Bryant ]
  * SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
    (LP: #1823200)
    - Remove VxFlex OS credentials from connection_properties. Passwords are
      now stored in separate file and are retrieved during each attach/detach
      operation. Cinder is patched in 16.1.0 stable point release.
    - d/control: Align (Build-)Depends with min version of python3-os-brick
      required to fix credential exposure.
    - CVE-2020-10755

 -- Corey Bryant <corey.bryant at canonical.com>  Tue, 23 Jun 2020 16:52:33
-0400

** Changed in: cinder (Ubuntu Focal)
       Status: Triaged => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-10755

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to cinder in Ubuntu.
https://bugs.launchpad.net/bugs/1883879

Title:
   [SRU] ussuri stable releases

Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive ussuri series:
  In Progress
Status in cinder package in Ubuntu:
  Invalid
Status in cinder source package in Focal:
  Fix Released

Bug description:
  [Impact]
  This release sports mostly bug-fixes and we would like to make sure all of our supported customers have access to these improvements. The update contains the following package updates:

  cinder 16.1.0

  [Test Case]
  The following SRU process was followed:
  https://wiki.ubuntu.com/OpenStackUpdates

  In order to avoid regression of existing consumers, the OpenStack team
  will run their continuous integration test against the packages that
  are in -proposed. A successful run of all available tests will be
  required before the proposed packages can be let into -updates.

  The OpenStack team will be in charge of attaching the output summary
  of the executed tests. The OpenStack team members will not mark
  ‘verification-done’ until this has happened.

  ****** Important for testing *******
  Testing will require focal-proposed + https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa to pick up the new version of python-os-brick.

  Once the python-os-brick is in focal-security we can backport it to ussuri-proposed and test it with cinder in the cloud archive.
  *********************************

  [Regression Potential]
  In order to mitigate the regression potential, the results of the
  aforementioned tests are attached to this bug.

  [Discussion]

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1883879/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list