Re: time is running: security issue BZ#2241470

2023-10-05 Thread Adam Williamson
On Thu, 2023-10-05 at 19:01 +0200, Tomasz Torcz wrote: > On Thu, Oct 05, 2023 at 11:23:35AM -0400, Stephen Smoogen wrote: > > On Sat, 30 Sept 2023 at 05:13, Marius Schwarz > > wrote: > > > > > > > > Hi, > > > > > > this is emerg ping for the security team, to take a look at this bz : > > > >

Re: time is running: security issue BZ#2241470

2023-10-05 Thread Tomasz Torcz
On Thu, Oct 05, 2023 at 11:23:35AM -0400, Stephen Smoogen wrote: > On Sat, 30 Sept 2023 at 05:13, Marius Schwarz > wrote: > > > > > Hi, > > > > this is emerg ping for the security team, to take a look at this bz : > > > > https://bugzilla.redhat.com/show_bug.cgi?id=2241470 > > > > The deadline

Re: time is running: security issue BZ#2241470

2023-10-05 Thread Stephen Smoogen
On Sat, 30 Sept 2023 at 05:13, Marius Schwarz wrote: > > Hi, > > this is emerg ping for the security team, to take a look at this bz : > > https://bugzilla.redhat.com/show_bug.cgi?id=2241470 > > excuse me, for bringing this to the list, as a security bz is the way to > go, but time is running

Re: time is running: security issue BZ#2241470

2023-09-30 Thread Marcus Müller
Hi Marius,, I'd also point out that if you want to inform the security team about something, you should inform directly – and it seems you've done that, by properly labeling that issue (which I can't read at all) as sensitive. As the others pointed out, there's nothing that can be done

Re: time is running: security issue BZ#2241470

2023-09-30 Thread JT
As far as the "Fedora Security Team" we dont know anything that's not public either. RH's security team has access to the embargoed stuff and I assume that they handle it privately with the package maintainer and prep the patch themselves. I say assume because I have zero visibility into what

Re: time is running: security issue BZ#2241470

2023-09-30 Thread Justin Forbes
On Sat, Sep 30, 2023 at 10:55 AM Kevin Fenzi wrote: > > On Sat, Sep 30, 2023 at 11:13:32AM +0200, Marius Schwarz wrote: > > > > Hi, > > > > this is emerg ping for the security team, to take a look at this bz : > > > > https://bugzilla.redhat.com/show_bug.cgi?id=2241470 > > If this is an embargoed

Re: time is running: security issue BZ#2241470

2023-09-30 Thread Kevin Fenzi
On Sat, Sep 30, 2023 at 11:13:32AM +0200, Marius Schwarz wrote: > > Hi, > > this is emerg ping for the security team, to take a look at this bz : > > https://bugzilla.redhat.com/show_bug.cgi?id=2241470 If this is an embargoed bug (I can't see it, so no idea if it is, but it seems likely),

time is running: security issue BZ#2241470

2023-09-30 Thread Marius Schwarz
Hi, this is emerg ping for the security team, to take a look at this bz : https://bugzilla.redhat.com/show_bug.cgi?id=2241470 excuse me, for bringing this to the list, as a security bz is the way to go, but time is running fast and the patched release needs to be build and shipped in 36h