| *** jawad_axd has joined #openstack-security | 00:01 | |
| *** macz_ has quit IRC | 00:02 | |
| *** jawad_axd has quit IRC | 00:05 | |
| fungi | okay, i think i've updated them all | 00:11 |
|---|---|---|
| fungi | i also searched for and cleaned up some public reports which still had old embargo warnings hanging out in their descriptions | 00:12 |
| fungi | a pending task is that i notice we've got a lot (approaching 100) ancient private security bugs which were resolved, marked invalid, et cetera, years ago and never switched to public. i'll try to open up most of those tomorrow | 00:13 |
| *** jawad_axd has joined #openstack-security | 00:22 | |
| *** jawad_axd has quit IRC | 00:26 | |
| *** gyee has quit IRC | 01:52 | |
| *** rezroo has quit IRC | 02:28 | |
| *** dave-mccowan has quit IRC | 05:19 | |
| *** jawad_axd has joined #openstack-security | 07:08 | |
| *** tesseract has joined #openstack-security | 08:05 | |
| *** rcernin has quit IRC | 08:56 | |
| *** tesseract has quit IRC | 10:11 | |
| *** tesseract has joined #openstack-security | 10:12 | |
| *** tesseract has quit IRC | 10:16 | |
| *** tesseract has joined #openstack-security | 10:16 | |
| *** trident has quit IRC | 10:31 | |
| *** trident has joined #openstack-security | 10:34 | |
| *** tesseract has quit IRC | 13:40 | |
| *** tesseract has joined #openstack-security | 13:42 | |
| fungi | bug 1798351 was switched to public and marked as a duplicate of bug 1501206 | 13:47 |
| openstack | bug 1501206 in neutron (Ubuntu Bionic) "duplicate for #1798351 router:dhcp ports are open resolvers" [High,Fix released] https://launchpad.net/bugs/1501206 | 13:47 |
| openstack | bug 1501206 in neutron (Ubuntu Bionic) "router:dhcp ports are open resolvers" [High,Fix released] https://launchpad.net/bugs/1501206 | 13:47 |
| fungi | bug 1865036 is now public, treating as class c1 per our report taxonomy | 14:03 |
| openstack | bug 1865036 in neutron "l3 agent metadata proxy allows access to metadata from any available network" [Undecided,Confirmed] https://launchpad.net/bugs/1865036 - Assigned to Brian Haley (brian-haley) | 14:03 |
| fungi | i've switched bug 1790706 to public since it was fixed in stein | 14:08 |
| openstack | bug 1790706 in neutron "Additional metadata service endpoints on OpenStack accessible" [Undecided,New] https://launchpad.net/bugs/1790706 | 14:08 |
| *** rezroo has joined #openstack-security | 14:24 | |
| *** gagehugo has quit IRC | 14:28 | |
| *** gagehugo has joined #openstack-security | 14:29 | |
| *** rezroo has quit IRC | 14:29 | |
| *** rezroo has joined #openstack-security | 14:30 | |
| fungi | the following ancient (>5yo) bugs have been switched from private{, security} to public{, security} because they were all marked as fixed or invalid (many predate any formal vmt, most predate our modern workflows and tracking): 836605, 903232, 1036505, 1137366, 1163613, 1192220, 1198857, 1209126, 1211557, 1243832, 1257386, 1285182, 1302040, 1306034, 1316791, 1329006, 1334017, 1334018, 1334026, | 14:47 |
| fungi | 1334028, 1351412, 1361192, 1381197, 1387160, 1408530 | 14:48 |
| fungi | a few were marked as new or triaged but did not appear to be current vulnerabilities | 14:48 |
| *** jawad_axd has quit IRC | 14:48 | |
| *** jawad_axd has joined #openstack-security | 14:53 | |
| *** jawad_axd has quit IRC | 14:57 | |
| *** tesseract has quit IRC | 15:05 | |
| *** tesseract has joined #openstack-security | 15:07 | |
| gagehugo | ack | 15:28 |
| gagehugo | thanks fungi | 15:28 |
| fungi | and these are some slightly newer (4yo) bugs which were switched to public{, security} because they were set to invalid/opinion/fixed or seemed to describe normal non-security-related bugs and requests for help: 1453771, 1459547, 1478117, 1493641, 1504456, 1504457, 1507750, 1522362, 1525947, 1533724, 1543335, 1545702, 1572966 | 15:33 |
| fungi | trying to whittle down openstack's private security bugs to just those which are still outstanding, and double-checking private non-security bugs to see if they were mis-filed | 15:35 |
| *** jawad_axd has joined #openstack-security | 16:01 | |
| *** jawad_axd has quit IRC | 16:05 | |
| gagehugo | redrobot: any update about barbican and the PTG? I'm gonna respond to the survey likely today otherwise I will forget | 16:05 |
| *** macz_ has joined #openstack-security | 16:16 | |
| *** gyee has joined #openstack-security | 16:16 | |
| *** tesseract has quit IRC | 16:17 | |
| *** rezroo has quit IRC | 16:36 | |
| *** rezroo has joined #openstack-security | 16:37 | |
| *** gagehugo has quit IRC | 17:21 | |
| fungi | some other bugs i've made public because it seemed prudent to do so (not vmt-overseen in most cases, but still filed against openstack deliverables and seemingly ignored or slipped through cracks long ago): 1575328, 1580945, 1613423, 1657586, 1677315, 1694046, 1697751, 1708595, 1714297, 1735699, 1740472, 1751032, 1751964, 1752249, 1760530, 1765339, 1804722, 1830607, 1858186 | 18:44 |
| *** dasp_ has joined #openstack-security | 18:55 | |
| *** dasp has quit IRC | 18:57 | |
| *** gagehugo has joined #openstack-security | 19:04 | |
| *** gagehugo has quit IRC | 19:11 | |
| *** gagehugo has joined #openstack-security | 19:11 | |
| redrobot | gagehugo, heya! Sorry, no updates. I won't be upset if you only get a table for Sec. :) | 20:03 |
| gagehugo | no worries | 20:03 |
| *** jawad_axd has joined #openstack-security | 20:06 | |
| *** jawad_axd has quit IRC | 20:10 | |
| *** rezroo has quit IRC | 22:22 | |
| *** rezroo has joined #openstack-security | 22:22 | |
| *** macz_ has quit IRC | 23:44 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!