Comment 147 for bug 2004555
Revision history for this message
| Jeremy Stanley (fungi) wrote Re: Unauthorized volume access through deleted volume attachments (CVE-2023-2088) | #147 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Thanks Alan and Brian for clarification on the leak patch. I didn't attach it to the downstream notification, which seems to have been the right call. It makes sense to treat that as a master branch only hardening fix after publication.
As for the downstream notification, it took a little longer than I intended to massage it into the shape of our templated communications and map/copy the patches to the branch-specific name format we've standardized, but it was sent to our private embargo-notice ML and the private linux-distros ML a little before 01:00 UTC.