| opendevreview | Jeremy Stanley proposed openstack/ossa master: Add OSSA-2024-002 (CVE-2024-40767) https://review.opendev.org/c/openstack/ossa/+/924735 | 14:03 |
|---|---|---|
| fungi | prometheanfire: tonyb: JayF: rosmaita: ^ | 14:04 |
| JayF | +2 | 14:09 |
| fungi | i've also got the advisory e-mails based on the rst version of that queued up and ready to send at the top of the hour | 14:17 |
| priteau | Will there be patches available for Zed and Yoga? | 14:22 |
| fungi | i think zigo made some backports for debian, but i don't recall what versions exactly | 14:23 |
| fungi | unmaintained/yoga and unmaintained/zed branches are past end of maintenance, so project maintainers aren't expected to provide patches for those | 14:24 |
| fungi | i think mnaser did backports of ossa-2024-001 to unmaintained/zed, so may be working on similar for this | 14:25 |
| fungi | i'm going to self-approve 924735 so the site will hopefully have the published copy at the same time as i send the announcements | 14:29 |
| opendevreview | Merged openstack/ossa master: Add OSSA-2024-002 (CVE-2024-40767) https://review.opendev.org/c/openstack/ossa/+/924735 | 14:38 |
| fungi | https://security.openstack.org/ has it now, so we're all set for the announcements to go out in 15 minutes. i've also notified mitre that the corresponding cve entry can be switched to public | 14:45 |
| fungi | fire in the hole! | 15:00 |
| rosmaita | sorry i missed the shout out, but 924735 LGTM | 15:47 |
| zigo | priteau: I backported from caracal all the way to victoria, all is in http://osbpo.debian.net | 15:49 |
| priteau | zigo: thanks. I managed to do a clean backport to yoga as well by pulling the iso file format inspector patch series | 15:51 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!