Hi Brian,

> I feel like the CVE referenced in the nova upload, [CVE-2017-7214] Failed
> notification payload is dumped in logs with auth secrets, should be called
> out in the changelog and the Launchpad bug should have an Ubuntu yakkety task.

I've uploaded a new version with the changelog updated to call out the CVE fix and I've also updated the CVE bug to target the corresponding Ubuntu and cloud archive releases. Note, it looks like we need to get this uploaded for Ocata too.

> I'm not sure I've seen an SRU with a CVE fix in it though, is this normally
> done?

I think this is normal. Upstream cuts stable releases per project whenever the project thinks it's needed (until EOL which tends to be approx one year for upstream OpenStack). And with the CVE being the last 2 commits prior to the 14.0.5 release, it looks like they did the right thing in getting it out the door when they did.

Corey

--
https://bugs.launchpad.net/bugs/1688557
Title: [SRU] newton stable releases