Re: [neutron][security-sig] Bug deputy report August 24 - 30

Hi, On Tue, Sep 01, 2020 at 01:17:53PM +0000, Jeremy Stanley wrote:

Hopefully it's not a lot of additional work, but the VMT would be thrilled if projects would also keep Public Security vulnerability reports in mind and try to wrap up any they can. For example, the Neutron project on Launchpad has 9 currently unresolved, some opened more than 3 years ago:

<URL: https://bugs.launchpad.net/neutron/+bugs?field.searchtext=&orderby=-importance&search=Search&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&field.status%3Alist=TRIAGED&field.status%3Alist=INPROGRESS&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.information_type%3Alist=PUBLICSECURITY >

Thx for the link Jeremy. I will check those bugs.

I'm willing to bet at least a few are either fixed now, related to deprecated/removed functionality, or simply unreproducible. And if they're still real bugs but don't represent an actual exploitable vulnerability, that's good to know too (in which case we'd just switch them to regular Public bugs so the VMT no longer needs to keep track of those). -- Jeremy Stanley

-- Slawek Kaplonski Principal software engineer Red Hat