mgariepy | anyone knows if there are patches to mitigate these for neutron ? https://mail.openvswitch.org/pipermail/ovs-discuss/2024-March/052994.html | 13:18 |
---|---|---|
fungi | mgariepy: you mean without upgrading ovn? | 13:44 |
mgariepy | hmm yeah by right upgrading ovn would also fix it. | 13:45 |
mgariepy | but i was wondering if neutron would need to change some acl also. | 13:45 |
fungi | not sure, might be worth asking folks in #openstack-neutron about. the openstack vmt doesn't officially track vulnerabilities in dependencies, and recommends consumers rely on curated distributions to provide them since their package maintainers handle the backporting of security fixes to contemporary releases of those dependencies | 13:47 |
mgariepy | fair enough | 13:51 |
mgariepy | thanks | 13:51 |
fungi | looking closer at the ovn advisory, they already provide backports to 5 different versions, so it's probably pretty well covered and i would expect patching or minimally upgrading should be safe | 13:52 |
mgariepy | yeah distro will probably publish updates soon-ish :D | 13:53 |
fungi | since it's not a python-based dependency, i'm not even sure whether neutron is overly reliant on specific ovn versions anyway | 13:54 |
fungi | i expect it's just whatever version is provided on the distros we test upstream | 13:54 |
mgariepy | i guess some feature needs some version of ovn pretty much like nova and libvirt does | 13:55 |
fungi | right, but basically as long as whatever we're testing with also gets security patches, we'll be testing against the patched versions | 13:56 |
fungi | even for stable branches | 13:56 |
mgariepy | yep | 14:08 |
*** blarnath is now known as d34dh0r53 | 14:51 | |
opendevreview | Merged openstack/security-doc master: Add OSSN-0093 https://review.opendev.org/c/openstack/security-doc/+/912028 | 16:35 |