From: Abhishek Lekshmanan <abhishek@suse.com>
Date: Fri, 22 Feb 2019 16:16:12 +0000 (+0100)
Subject: add a note on rgw civetweb cve in PendingReleaseNotes
X-Git-Tag: v13.2.5~5^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F26590%2Fhead;p=ceph.git

add a note on rgw civetweb cve in PendingReleaseNotes

Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
---

diff --git a/PendingReleaseNotes b/PendingReleaseNotes
index a15f54eb3f3a..9d87d10c9b4b 100644
--- a/PendingReleaseNotes
+++ b/PendingReleaseNotes
@@ -70,3 +70,6 @@ notes (?))
   this flag *must not* be unset anymore. In luminous, this feature was
   introduced in 12.2.11. Users who are running 12.2.11, and want to
   continue to use this feauture, should upgrade to 13.2.5 or later.
+
+* This release also fixes a cve on civetweb, CVE-2019-3821 where ssl fds were
+  not closed in civetweb in case the initial negotiation fails.