In other words, having the fix in backports is fine I think.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2060014
Title:
CVE-2024-2947 command injection when deleting a sosreport with a
crafted
Marc: Thanks -- no urgency from my side, I just wasn't sure about your
current CVE "must/may fix" policies.
** Changed in: cockpit (Ubuntu Mantic)
Status: Triaged => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
@pitti: mantic will be EoL in a couple of months, I think if you want
the fix in quickly, having the minimal fix would be the fastest way to
do it, though you may decide it's not worth it seeing as the release
will be ending soon.
--
You received this bug notification because you are a member of
> They didn't propagate yet due to noble being jammed so much
This happened now \o/, so they are ready to go.
** Changed in: cockpit (Ubuntu Noble)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
Backporters: I uploaded backports from noble-proposed to mantic and
jammy. They didn't propagate yet due to noble being jammed so much, but
we do validate them on both releases upstream. I'll let you decide
whether to accept or stall them.
--
You received this bug notification because you are a
@Marc, security team: I'd like your opinion/preference/guidance for
mantic: It currently has upstream version 300.1. Half a year ago we did
two more upstream point releases for critical bug fixes (aimed at and
uploaded to RHEL): https://github.com/cockpit-
project/cockpit/releases/tag/300.2 and
Note: I tried to add backports tasks, but there's neither a
https://launchpad.net/jammy-backports nor a
https://launchpad.net/mantic-backports project. But not a biggie, these
will both get 314 as soon as it lands in noble.
--
You received this bug notification because you are a member of Ubuntu