Upgrade focal/libjcat to version 0.1.3-2 and MIR it
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OEM Priority Project |
Fix Released
|
Critical
|
Yuan-Chen Cheng | ||
libjcat (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
Needed for fwupd 1.5.11
[Test plan]
It has a test suite and fwupd uses it, so testing fwupd tests it to some extend
[Where problems could occur]
fwupd could break on regressions. Then again, this is a straight backport and it's fairly small.
[Original report]
per lp:1920723, we need to upgrade focal/lib cat to version 0.1.3-2 (as in groovy/
libjcat in focal is in universe, we need to MIR it.
ppa for upgrade libjcat in focal: https:/
[Availability]
yes, it's in ubuntu universe.
[Rationale]
Given lp:1920723, we need to MIR it in focal.
[Quality assurance]
[Security]
[Standards compliance]
[Maintenance]
Given it's in main in hirsute / groovy already, it's fine.
[Dependencies]
Per check, the dependency in groovy is exactly the same as in focal.
[Background information]
See details in lp:1934209
CVE References
Changed in oem-priority: | |
assignee: | nobody → Yuan-Chen Cheng (ycheng-twn) |
tags: | added: fwupd |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
information type: | Proprietary → Public |
Changed in oem-priority: | |
status: | New → In Progress |
description: | updated |
Changed in libjcat (Ubuntu): | |
status: | New → Fix Released |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
Changed in libjcat (Ubuntu Focal): | |
status: | New → In Progress |
tags: |
added: verification-done removed: verification-needed |
Changed in oem-priority: | |
status: | Fix Committed → Fix Released |
fwupd actually built fine without new libjcat, so not sure if we actually need to upgrade it. Arguably there seems to be a CVE in the old version and a couple of bug fixes that might be worthwhile anyway.