From: Raspbian automatic forward porter <root@raspbian.org>
Date: Fri, 4 Jun 2021 01:22:26 +0000 (+0100)
Subject: Merge version 14.2.20-2+rpi1 and 14.2.21-1 to produce 14.2.21-1+rpi1
X-Git-Tag: archive/raspbian/14.2.21-1+rpi1^0
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=159aa268f5c90e31c5c530ffecca178d6e5da6c4;p=ceph.git

Merge version 14.2.20-2+rpi1 and 14.2.21-1 to produce 14.2.21-1+rpi1
---

159aa268f5c90e31c5c530ffecca178d6e5da6c4
diff --cc debian/changelog
index 9ade694fe,9a9cea604..172276856
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,15 -1,12 +1,25 @@@
- ceph (14.2.20-2+rpi1) bullseye-staging; urgency=medium
++ceph (14.2.21-1+rpi1) bullseye-staging; urgency=medium
 +
 +  [changes brought forward from 10.2.5-7.2+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Sun, 30 Jul 2017 09:48:17 +0000]
 +  * Add Raspbian to lists of "debian-like" distros.
 +    + Hopefully this will fix site-packages vs dist-packages
 +      build failure in Raspbian.
 + 
 +  [changes introduced in 14.2.5-3+rpi1 by Peter Michael Green]
 +  * Remove problematic gitattributes files.
 +  * Disable neon on armhf too.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Tue, 11 May 2021 15:04:10 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Fri, 04 Jun 2021 01:22:25 +0000
++
+ ceph (14.2.21-1) unstable; urgency=high
+ 
+   * New upstream release, resolving these:
+     - CVE-2021-3509: Cross Site Scripting via token Cookie (Closes: #988888).
+     - CVE-2021-3524: injection of HTTP headers via a CORS ExposeHeader tag in
+       the Ceph Storage RadosGW (Closes: #988889).
+     - CVE-2021-3531: RadosGW denial of service (crash) (Closes: #988890).
+ 
+  -- Thomas Goirand <zigo@debian.org>  Thu, 27 May 2021 12:04:21 +0200
  
  ceph (14.2.20-2) unstable; urgency=medium