Bug#944099: CVE-2019-14433 / OSSA-2019-003: buster-pu: package nova/2:18.1.0-6 -> 18.1.0-6+deb10u1
- To: Thomas Goirand <zigo@debian.org>, 944099@bugs.debian.org
- Subject: Bug#944099: CVE-2019-14433 / OSSA-2019-003: buster-pu: package nova/2:18.1.0-6 -> 18.1.0-6+deb10u1
- From: Julien Cristau <jcristau@debian.org>
- Date: Sun, 26 Apr 2020 17:06:26 +0200
- Message-id: <[🔎] 20200426150626.GA9866@chou>
- Reply-to: Julien Cristau <jcristau@debian.org>, 944099@bugs.debian.org
- In-reply-to: <53b9a529-689f-7fa6-bb15-b971c52f76bc@debian.org>
- References: <157286483228.14443.11314232019216025750.reportbug@zbuz.infomaniak.ch> <20191123170947.GA6173@tomate.cristau.org> <157286483228.14443.11314232019216025750.reportbug@zbuz.infomaniak.ch> <53b9a529-689f-7fa6-bb15-b971c52f76bc@debian.org> <157286483228.14443.11314232019216025750.reportbug@zbuz.infomaniak.ch>
On Sun, Nov 24, 2019 at 10:06:51AM +0100, Thomas Goirand wrote:
> On 11/23/19 6:09 PM, Julien Cristau wrote:
> > Control: tag -1 moreinfo
> >
> > On Mon, Nov 04, 2019 at 11:53:52AM +0100, Thomas Goirand wrote:
> >> We would like to update Nova in Buster for 2 reasons. First, there's
> >> OSSA-2019-003 / CVE-2019-14433 which we would like to fix. Second,
> >> in non-interactive mode, upgrading Nova can lead to some configuration
> >> changes, which is an RC bug.
> >>
> > This doesn't sound like it should require new debconf templates. What's
> > the logic there? Why does upgrading touch the configuration at all?
> >
> > Cheers,
> > Julien
>
> Same as for Heat for which I just replied.
>
> In the postinst, after consuming the password prompt in the .config
> script, the password is forgotten using db_unregister. The only way to
> avoid this is to have this other screen prompting for not handling this
> through debconf, which is always the default.
>
This still doesn't make sense to me.
Cheers,
Julien
Reply to: