Package "ceph"

  ceph (17.2.7-0ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Authentication bypass through unsupported JWT algorithm.
    - debian/patches/CVE-2024-48916.patch: Disallow unsupported JWT algorithms
      in src/rgw/rgw_rest_sts.cc.
    - CVE-2024-48916

 -- Hlib Korzhynskyy <email address hidden> Wed, 18 Dec 2024 11:18:59 -0330

  ceph (17.2.7-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream point release (LP: #2043336):
    - d/p/fix-lvm-devices.patch: Cherry pick committed fix for issues
      using LVM PV/LV for OSDs introduced in 17.2.7 release.
    - d/p/patch-out-exporter.patch: Refresh for new release.
    - d/p/CVE-2023-43040.patch: Drop, included in release.

 -- Luciano Lo Giudice <email address hidden> Thu, 08 Feb 2024 11:33:49 +0000

  ceph (17.2.6-0ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Improper bucket validation in POST requests
    - debian/patches/CVE-2023-43040.patch: rgw: Fix bucket validation against POST policies
    - CVE-2023-43040

 -- Nick Galanis <email address hidden> Thu, 11 Jan 2024 12:26:46 +0000

  ceph (17.2.6-0ubuntu0.22.04.2) jammy; urgency=medium

  [ Peter Sabaini]
  * Create package for the cephfs-mirror tool (LP: #2003704).

 -- Luciano Lo Giudice <email address hidden> Thu, 31 Aug 2023 22:44:27 +0000

  ceph (17.2.6-0ubuntu0.22.04.1) jammy; urgency=medium

  [ Luciano Lo Giudice ]
  * New upstream point release (LP: #2018929).
  * d/p/*: Refresh.

  [ Peter Sabaini ]
  * Fix: add the mgr.nfs package to the core modules (LP: #2003530).

  [ James Page ]
  * d/p/32bit-fixes.patch: rework size_t usage to avoid FTBFS on 32 bit
    architectures.
  * d/p/CVE-2022-*: Drop security related patches, included in release.

 -- Luciano Lo Giudice <email address hidden> Fri, 26 May 2023 15:42:09 +0100