Comment 24 for bug 1998625

Jeremy Stanley (fungi) wrote : Re: [Bug 1998625] Re: Arbitrary file access through custom S3 XML entities (CVE-2022-47950)

Sending advance notification to downstream stakeholders can't happen
until we have consensus on the fix(es), individual patches for each
stable branch at least as far back as stable/xena, and agree on a
publication date and time.

It sounds like there is likely consensus on the current state of
your patch, and since you indicate you expect to directly push the
same patch to multiple branches I suppose I can just include copies of
the same patch named for each branch in order to avoid confusion.
Assuming this is all accurate, I can send the advance notification
to downstream stakeholders on Tuesday, January 10, with a planned
advisory publication at 15:00 UTC on Tuesday, January 17 (our
maximum of 5 business days, in order to give deployers and
distribution package maintainers ample time to prepare updated
packages).

Does this plan sound reasonable to everyone? If there are no
objections by Tuesday, January 10, I'll proceed under the assumption
that it's fine. Thanks!