ceph (14.2.21-1) unstable; urgency=high

ceph (14.2.21-1) unstable; urgency=high

  * New upstream release, resolving these:
    - CVE-2021-3509: Cross Site Scripting via token Cookie (Closes: #988888).
    - CVE-2021-3524: injection of HTTP headers via a CORS ExposeHeader tag in
      the Ceph Storage RadosGW (Closes: #988889).
    - CVE-2021-3531: RadosGW denial of service (crash) (Closes: #988890).

[dgit import unpatched ceph 14.2.21-1]