[OpenStack-Infra] Fwd: CVE References in LPs are messed up after centos feature branch rebase

Saul Wold sgw at linux.intel.com
Fri Dec 13 16:48:21 UTC 2019

Hello Infra team:

Apparently something got messed up with Launchpad and updating a number 
of starlingx repos with a feature branch.

I was following the methodology of updating a feature branch with 
changes from master via merges and I guess when I pushed that to gerrit 
and it merged, it caused some Launchpad ugliness. See email below.



-------- Forwarded Message --------
Subject: 	CVE References in LPs are messed up after centos feature 
branch rebase
Date: 	Fri, 13 Dec 2019 00:30:26 +0000
From: 	Khalil, Ghada <Ghada.Khalil at windriver.com>
To: 	Saul Wold <sgw at linux.intel.com>

Hi Saul,

The CVE References in about 15 LPs are now messed up after the rebase of 
the f-centos8 feature branch. The rebase updated a large # of launchpads 
and somehow automatically added CVE references (from a subset of bugs) 
to all of them. Any idea what is going on here?

Here are some examples:


Originally had no CVE References. Now it has 3 references.


Originally only had CVE-2018-15686 as a CVE Reference. Now it has all 
the recently fixed CVEs linked to this bug.

Snapshot from the full activity log:

Here is the query that shows that all the bugs that were picked up in 
the rebase now have CVE links:


*Ghada Khalil*, Manager, Titanium Cloud, *Wind River*
direct 613.270.2273  skype ghada.khalil.ottawa

350 Terry Fox Drive, Suite 200, Kanata, ON K2K 2W5

More information about the OpenStack-Infra mailing list