[OpenStack-Infra] Fwd: CVE References in LPs are messed up after centos feature branch rebase

Saul Wold sgw at linux.intel.com
Fri Dec 13 16:48:21 UTC 2019


Hello Infra team:

Apparently something got messed up with Launchpad and updating a number 
of starlingx repos with a feature branch.

I was following the methodology of updating a feature branch with 
changes from master via merges and I guess when I pushed that to gerrit 
and it merged, it caused some Launchpad ugliness. See email below.

Thoughts?

Thanks
Sau!



-------- Forwarded Message --------
Subject: 	CVE References in LPs are messed up after centos feature 
branch rebase
Date: 	Fri, 13 Dec 2019 00:30:26 +0000
From: 	Khalil, Ghada <Ghada.Khalil at windriver.com>
To: 	Saul Wold <sgw at linux.intel.com>



Hi Saul,

The CVE References in about 15 LPs are now messed up after the rebase of 
the f-centos8 feature branch. The rebase updated a large # of launchpads 
and somehow automatically added CVE references (from a subset of bugs) 
to all of them. Any idea what is going on here?

Here are some examples:

https://bugs.launchpad.net/starlingx/+bug/1844579

Originally had no CVE References. Now it has 3 references.

https://bugs.launchpad.net/starlingx/+bug/1849200

Originally only had CVE-2018-15686 as a CVE Reference. Now it has all 
the recently fixed CVEs linked to this bug.

Snapshot from the full activity log:

Here is the query that shows that all the bugs that were picked up in 
the rebase now have CVE links:

https://bugs.launchpad.net/starlingx/+bugs?field.searchtext=&orderby=-importance&field.status%3Alist=NEW&field.status%3Alist=OPINION&field.status%3Alist=INVALID&field.status%3Alist=WONTFIX&field.status%3Alist=EXPIRED&field.status%3Alist=CONFIRMED&field.status%3Alist=TRIAGED&field.status%3Alist=INPROGRESS&field.status%3Alist=FIXCOMMITTED&field.status%3Alist=FIXRELEASED&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&assignee_option=any&field.assignee=&field.bug_reporter=&field.bug_commenter=&field.subscriber=&field.structural_subscriber=&field.tag=in-f-centos8&field.tags_combinator=ANY&field.has_cve.used=&field.has_cve=on&field.omit_dupes.used=&field.affects_me.used=&field.has_patch.used=&field.has_branches.used=&field.has_branches=on&field.has_no_branches.used=&field.has_no_branches=on&field.has_blueprints.used=&field.has_blueprints=on&field.has_no_blueprints.used=&field.has_no_blueprints=on&search=Search

*Ghada Khalil*, Manager, Titanium Cloud, *Wind River*
direct 613.270.2273  skype ghada.khalil.ottawa

350 Terry Fox Drive, Suite 200, Kanata, ON K2K 2W5




More information about the OpenStack-Infra mailing list