Comment 33 for bug 1496277

Tristan Cacqueray (tristan-cacqueray) wrote : Re: template-validate may read server local files (CVE-2015-5295)

Steven, while it's not ideal to have a public fix for a private bug, for what it's worth, the advance notification (pre-OSSA) can reference public review numbers. If both bug 1508115 and bug 1496277 can be fixed with one patch, I'd say it's ok to do so directly on gerrit, as long as the security implication is not obvious.

However, we need to make sure all the required pieces to fix this bug are identified and referenced so that stakeholders can apply the fix.