[nova][ops] EOL'ing stable/train ?

Jeremy Stanley fungi at yuggoth.org
Fri May 26 17:10:59 UTC 2023


On 2023-05-26 18:19:09 +0200 (+0200), Thomas Goirand wrote:
> On 5/24/23 12:24, Sylvain Bauza wrote:
[...]
> As for CVE-2023-2088, the issue is implementing the force
> 
> > It would be difficult to fix the CVEs in the upstream branch but
> > hopefully AFAIK all the OpenStack distros already fixed them for their
> > related releases that use Train.
> 
> So far, I haven't seen such a fix, either in Ubuntu or Red Hat, on any
> version prior to ussuri. If you have a link to a working patch, please let
> me know.

I think he may be referring to Red Hat. As I understand it, they
went with the https://wiki.openstack.org/wiki/OSSN/OSSN-0092
approach (mitigation through configuration only, disabling
attachment-delete functionality for users). I may be wrong though,
as I was not privy to their internal discussions.
-- 
Jeremy Stanley