Comment 19 for bug 1872735

Jeremy Stanley (fungi) wrote : Re: EC2 and/or credential endpoints are not protected from a scoped context

Examples in advisories will typically illustrate worst-case scenarios, but we use terms like "can," "could," "may," or "might" so as to avoid writing in absolutes and make it apparent that the severity of the impact depends greatly on situational variables.

As for whether this can be disclosed soon enough to make it into Ussuri, final release candidates aren't due until May 8. If we took the day before as the proposed disclosure date (which would admittedly be cutting it close), then we would need a suitable impact description and working backports no later than May 4. If we had those any time between now and April 25, we could set a disclosure date of April 28 (too late for RC1 so would need to be committed to both master and stable/ussuri branches, but still well in time for the release). Timeframes for coordinated disclosure are calculated per the rules outlined here: https://security.openstack.org/vmt-process.html#embargoed-disclosure

Also, the reporter detail in parentheses would typically be Kay's employer or other affiliated organization they wanted to credit along with their name.