| tonyb | tobias-urdin, fungi: Circling back to: https://meetings.opendev.org/irclogs/%23openstack-security/%23openstack-security.2023-07-27.log.html Indeed those CVEs are considered duplicates and https://review.opendev.org/q/Ieef7011f48cd2188d4254ff16d90a6465bbabfe3 contains the fixes. | 11:21 |
|---|---|---|
| tonyb | RH does ship fixes against train but they weren't appropriate for upstream. | 11:22 |
| tobias-urdin | tonyb: ack, thanks! | 11:48 |
| fungi | yes, thanks for looking into it tonyb!!! | 11:52 |
| dmendiza[m] | No SIG meeting today, I assume? | 15:15 |
| fungi | oh, there can be! | 15:16 |
| fungi | have anything to talk about? | 15:16 |
| dmendiza[m] | Not really. Just making sure y'all know I'm still around 😅 | 15:17 |
| * dmendiza[m] is attempting to be more present in the SIG | 15:17 | |
| fungi | i still haven't gotten around to trying to restart the discussion about picking a better meeting time, since the previous response was at best lackluster | 15:17 |
| fungi | probably the most exciting current activity for the vmt is https://launchpad.net/bugs/2030976 | 15:18 |
| fungi | i'll put in the cve request for that today (finally) | 15:18 |
| fungi | at least it's pretty low-impact | 15:18 |
| dmendiza[m] | Yeah, I briefly saw that come through my email. | 15:18 |
| dmendiza[m] | Interesting for sure. | 15:18 |
| fungi | but if you have any feedback on it, feel free to weigh in | 15:18 |
| fungi | it was a borderline case. i'm treating it as if credentials were being leaked in non-debug service logs, but notifications aren't exactly logs. it's just unclear to what extent we provide guidance about how sensitive the contents of those notifications might be and how safe it is to give people access to them | 15:20 |
| mharley | o/ | 16:16 |
| mharley | Just recording presence. ;-) | 16:16 |
| fungi | ohai! | 16:24 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!