| opendevreview | Jay Faulkner proposed openstack/ossa master: Add OSSA-2024-005 (CVE-2024-53916) https://review.opendev.org/c/openstack/ossa/+/936200 | 15:34 |
|---|---|---|
| opendevreview | Jay Faulkner proposed openstack/ossa master: Add OSSA-2024-005 (CVE-2024-53916) https://review.opendev.org/c/openstack/ossa/+/936200 | 15:45 |
| fungi | rosmaita: ^ you had reviewed an earlier iteration of that if you have a moment to revisit | 17:58 |
| fungi | JayF: or i can single-core approve if you want to send the advisory before your eod | 19:50 |
| JayF | is it time to now? | 19:50 |
| fungi | i was going to pop out for a quick bite, and then check back in about an hour | 19:51 |
| fungi | which should put it after your lunch | 19:51 |
| fungi | we could also wait for the neutron changes to merge, but then you'd need to update the advisory date, so just trying to save you more work | 19:53 |
| fungi | anyway, i'll bbiab | 19:53 |
| fungi | thanks rosmaita! JayF, if i approve it now do you have time to send to the usual mailing lists? or should i prepare to do that part? | 21:19 |
| JayF | I'll take care of it before my EOD | 21:20 |
| fungi | approved in that case | 21:20 |
| fungi | if you can manage it in the next ~2.5 hours, that will put it within utc 2024-12-03 too, for maximum correctness | 21:21 |
| JayF | my EOD during !DST is 0000 :D | 21:25 |
| fungi | perfection | 21:25 |
| opendevreview | Merged openstack/ossa master: Add OSSA-2024-005 (CVE-2024-53916) https://review.opendev.org/c/openstack/ossa/+/936200 | 21:30 |
| fungi | JayF: publication completed, so you can copy https://security.openstack.org/_sources/ossa/OSSA-2024-005.rst into your e-mail if that's easiest | 21:45 |
| JayF | gah, had to send twice to oss-security@, accidentally sent the first one unsigned :( | 23:08 |
| JayF | emails out; CVE folks requested to update the description | 23:13 |
| fungi | thanks! | 23:14 |
| fungi | JayF: did the message to openstack-announce and openstack-discuss go out? i haven't seen either one arrive | 23:15 |
| JayF | I just approved the one to -announce | 23:16 |
| fungi | cool, that's why i didn't see it in the moderator queue then | 23:16 |
| JayF | -discuss is not listed on .... nope | 23:16 |
| JayF | I missed that one, sending | 23:16 |
| JayF | was about to cite it being missing when it wasn't missing :D | 23:16 |
| fungi | heh | 23:16 |
| JayF | will approve the one to -discuss | 23:17 |
| JayF | since it's coming from my @jvf | 23:17 |
| fungi | yeah, we usually send one with announce/discuss both on the to line, then a separate post to oss-security to avoid cross-posting horrors | 23:17 |
| JayF | to avoid spamming them. Like I have 2x in a row by accidentally not GPG signing the first one /o\ | 23:17 |
| JayF | did it for -004, did it for -005 | 23:18 |
| JayF | one day I'll get it right the first time | 23:18 |
| fungi | it happens | 23:18 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!