Monday, 2026-06-15

-opendevstatus- NOTICE: Recent POST_FAILURE job results with no logs were due to upload errors in one of our providers, which has been temporarily disabled now so rechecking those should be safe 12:45
fungi https://daniel.haxx.se/blog/2026/06/15/curl-summer-of-bliss/ 13:15
opendevreview Jay Faulkner proposed openstack/ossa master: [OSSA-2026-017] Errata 1: fix parsing edge cases https://review.opendev.org/c/openstack/ossa/+/993185 20:12
JayF fungi: gouthamr: ^ I played with the rendered version locally, I think that's as good as it's likely to look 20:13
fungi thanks! i'll check it out as soon as zuul spits out a draft render 20:15
JayF fungi: from my local rendering https://usercontent.irccloud-cdn.com/file/faucNmIM/image.png 20:20
JayF go ahead and +A if you +2 please 20:20
fungi zuul did the thing too, eventually: https://4a6cb73899a7f4b7d538-2873a01b0773a66592697113273431a2.ssl.cf5.rackcdn.com/openstack/c83482c1adf748d09c2e00663882925b/docs/ossa/OSSA-2026-017.html 20:21
fungi lgtm 20:21
* gouthamr inserts late to party comment 20:27
* gouthamr good that the releases identified haven't been tagged yet! 20:27
gouthamr but asking for the future, if we had, would we update the affects version string? 20:27
JayF I would've likely done so, yes 20:28
JayF Ironic is not rushing to push releases to update these because of the quantity of OSSAs/OSSNs issued by our team in a short time 20:28
gouthamr ack, and probably treated it as a different bug 20:28
gouthamr yeah 20:28
opendevreview Merged openstack/ossa master: [OSSA-2026-017] Errata 1: fix parsing edge cases https://review.opendev.org/c/openstack/ossa/+/993185 20:31
fungi it's worth discussing, we can count the number of advisories in the history of openstack which have gotten errata patches on one hand, so those which spanned multiple releases are functionally close to zero 20:31
fungi there's effectively no precedent, we can invent our own however makes the most sense 20:32
gouthamr ack drawing a parallel: i've been in a situation where i've committed a bug fix and written a release note for it.. if a release has been tagged, and i needed to enhance the bug fix, I still reference the same LP, but I don't edit the release note.. I write a new one 20:39
gouthamr sry, said that wrong.. i reference the LP for context, but it's a new LP too 20:40
gouthamr just trying to keep things sane for someone that may have already consumed released software 20:40
fungi my guiding rule is to do whatever is easiest and requires the least time/effort 20:42
fungi because that's our worst bottleneck 20:42
gouthamr seems easy to track the releases and look for this; but yes, an errata effort is definitely welcome :) 20:47
opendevreview Jay Faulkner proposed openstack/ossa master: [OSSA-2026-022]: IPA Binary Command Injection (CVE-2026-43003) https://review.opendev.org/c/openstack/ossa/+/986850 21:10
JayF I'm also reserving -023 21:13
fungi thanks 21:13
fungi looking at 022 now, we usually don't do ossa on mondays, but since it's public workflow we're more flexible 21:14
JayF If you look at my self-comment 21:14
JayF it's more likely to be good to go on the morrow 21:14
fungi okay, you'll obviously want to update the date field in that case 21:15
JayF yep, I always check those on day-of-merge 21:16
opendevreview Jay Faulkner proposed openstack/ossa master: [OSSA-2026-023] Ironic: Volume props unredacted (CVE-2026-54421) https://review.opendev.org/c/openstack/ossa/+/993465 21:35
opendevreview Jay Faulkner proposed openstack/ossa master: [OSSA-2026-022]: IPA Binary Command Injection (CVE-2026-43003) https://review.opendev.org/c/openstack/ossa/+/986850 21:39
opendevreview Jay Faulkner proposed openstack/ossa master: [OSSA-2026-023] Ironic: Volume props unredacted (CVE-2026-54421) https://review.opendev.org/c/openstack/ossa/+/993465 21:39
