Bug 246019

Summary: net/ceph14: security update to 14.2.9
Product: Ports & Packages Reporter: Dima Panov <fluffy>
Component: Individual Port(s)Assignee: Dima Panov <fluffy>
Status: Closed FIXED    
Severity: Affects Many People CC: wjw
Priority: --- Flags: fluffy: maintainer-feedback+
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
net/ceph14: security update to 14.2.9 none

Description Dima Panov freebsd_committer 2020-04-29 06:11:32 UTC
Created attachment 213901 [details]
net/ceph14: security update to 14.2.9

Notable Changes
CVE-2020-1759: Fixed nonce reuse in msgr V2 secure mode
CVE-2020-1760: Fixed XSS due to RGW GetObject header-splitting

vuxml: 5b6bc863-89dc-11ea-af8b-00155d0a0200
Comment 1 Dima Panov freebsd_committer 2020-04-29 06:13:51 UTC
Comment on attachment 213901 [details]
net/ceph14: security update to 14.2.9

corry. copy/paste error with numbers
Comment 2 Willem Jan Withagen 2020-05-06 12:30:11 UTC
(In reply to Dima Panov from comment #0)

Thanx for adding those.

--WjW
Comment 3 commit-hook freebsd_committer 2020-05-06 14:37:59 UTC
A commit references this bug:

Author: fluffy
Date: Wed May  6 14:37:38 UTC 2020
New revision: 534177
URL: https://svnweb.freebsd.org/changeset/ports/534177

Log:
  net/ceph14: security update to 14.2.9

  CVE-2020-1759: Fixed nonce reuse in msgr V2 secure mode
  CVE-2020-1760: Fixed XSS due to RGW GetObject header-splitting

  PR:		246019
  Submitted by:	fluffy
  Approved by:	maintainer
  Relnotes:	https://ceph.io/releases/v14-2-9-nautilus-released/
  Security:	5b6bc863-89dc-11ea-af8b-00155d0a0200
  Security:	CVE-2020-1759, CVE-2020-1760

Changes:
  head/net/ceph14/Makefile
  head/net/ceph14/distinfo
  head/net/ceph14/files/file-git_version