
Re: Bug#926043: CVE-2019-0816



severity 926043 important
thanks

On Tue, Apr 02, 2019 at 01:56:35PM +0200, Thomas Goirand wrote:
> On 4/2/19 12:46 PM, Moritz Muehlenhoff wrote:
> > On Tue, Apr 02, 2019 at 12:33:10PM +0200, Thomas Goirand wrote:
> >> On 4/1/19 11:44 PM, Moritz Mühlenhoff wrote:
> >>> Instead of arguing over bug severities, can't we rather fix the bug?
> >>
> >> Sure.
> >>
> >>> Ubuntu fixed this already and their versions seem fairly close.
> >>
> >> That's the thing. I went into the launchpad bug report, and it's full of
> >> small, incremental commits, from which it is very hard to figure out
> >> which one is really fixing the issue. Also, the Ubuntu package is just
> >> getting a snapshot from upstream, it's not integrating any patch. If
> >> someone can point at the correct patch, I'll do the update work.
> > 
> > Actually, given Bastian's reply, we can just close the bug, or am I missing
> > something?
> > 
> > Cheers,
> >         Moritz
> 
> Well, not 100%. "we" don't support cloud-init provisioning yet. Though
> someone running Debian, building their own image, could be affected by
> the bug. Which is why I'd suggest downgrading the bug to important, as
> it would only affect, only potentially, a very small subset of users.

OK, I see! Downgrading makes total sense, then. Doing that now.
 
> I still believe we should try to get this fixed in time for Buster, and
> backport it to Stretch.

Ack.

Cheers,
        Moritz

