[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#944099: CVE-2019-14433 / OSSA-2019-003: buster-pu: package nova/2:18.1.0-6 -> 18.1.0-6+deb10u1

On 11/23/19 6:09 PM, Julien Cristau wrote:
> Control: tag -1 moreinfo
> 
> On Mon, Nov 04, 2019 at 11:53:52AM +0100, Thomas Goirand wrote:
>> We would like to update Nova in Buster for 2 reasons. First, there's
>> OSSA-2019-003 / CVE-2019-14433 which we would like to fix. Second,
>> in non-interactive mode, upgrading Nova can lead to some configuration
>> changes, which is an RC bug.
>>
> This doesn't sound like it should require new debconf templates.  What's
> the logic there?  Why does upgrading touch the configuration at all?
> 
> Cheers,
> Julien

Same as for Heat for which I just replied.

In the postinst, after consuming the password prompt in the .config
script, the password is forgotten using db_unregister. The only way to
avoid this is to have this other screen prompting for not handling this
through debconf, which is always the default.

Cheers,

Thomas Goirand (zigo)
Reply to: