Bug 246019 - net/ceph14: security update to 14.2.9
Summary: net/ceph14: security update to 14.2.9
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Dima Panov
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-04-29 06:11 UTC by Dima Panov
Modified: 2020-05-06 14:38 UTC (History)
1 user (show)

See Also:
fluffy: maintainer-feedback+


Attachments
net/ceph14: security update to 14.2.9 (1.49 KB, patch)
2020-04-29 06:11 UTC, Dima Panov
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Dima Panov freebsd_committer 2020-04-29 06:11:32 UTC
Created attachment 213901 [details]
net/ceph14: security update to 14.2.9

Notable Changes
CVE-2020-1759: Fixed nonce reuse in msgr V2 secure mode
CVE-2020-1760: Fixed XSS due to RGW GetObject header-splitting

vuxml: 5b6bc863-89dc-11ea-af8b-00155d0a0200
Comment 1 Dima Panov freebsd_committer 2020-04-29 06:13:51 UTC
Comment on attachment 213901 [details]
net/ceph14: security update to 14.2.9

corry. copy/paste error with numbers
Comment 2 Willem Jan Withagen 2020-05-06 12:30:11 UTC
(In reply to Dima Panov from comment #0)

Thanx for adding those.

--WjW
Comment 3 commit-hook freebsd_committer 2020-05-06 14:37:59 UTC
A commit references this bug:

Author: fluffy
Date: Wed May  6 14:37:38 UTC 2020
New revision: 534177
URL: https://svnweb.freebsd.org/changeset/ports/534177

Log:
  net/ceph14: security update to 14.2.9

  CVE-2020-1759: Fixed nonce reuse in msgr V2 secure mode
  CVE-2020-1760: Fixed XSS due to RGW GetObject header-splitting

  PR:		246019
  Submitted by:	fluffy
  Approved by:	maintainer
  Relnotes:	https://ceph.io/releases/v14-2-9-nautilus-released/
  Security:	5b6bc863-89dc-11ea-af8b-00155d0a0200
  Security:	CVE-2020-1759, CVE-2020-1760

Changes:
  head/net/ceph14/Makefile
  head/net/ceph14/distinfo
  head/net/ceph14/files/file-git_version