| 2020-12-04 13:25:07 |
Jamie Strandboge |
bug |
|
|
added bug |
| 2020-12-04 13:25:21 |
Jamie Strandboge |
review-tools: status |
New |
In Progress |
|
| 2020-12-04 13:25:21 |
Jamie Strandboge |
review-tools: assignee |
|
Emilia Torino (emitorino) |
|
| 2020-12-04 13:25:28 |
Jamie Strandboge |
review-tools: importance |
Undecided |
Medium |
|
| 2020-12-04 13:28:29 |
Jamie Strandboge |
description |
With the addition of the snapcraft build package checks in the review-tools, the subject and body handling for kernel snaps is wrong when built with an affected snapcraft. Eg,
"
Subject: dragonboard-kernel built from outdated Ubuntu kernel
A scan of this snap shows that it was built using sources based on a kernel
from the Ubuntu archive that has since received security updates. The
following lists new USNs for the Ubuntu kernel that the snap is based on in
each snap revision:
Updating the snap's git tree, adjusting the version in the snapcraft.yaml
to match that of the Ubuntu kernel this snap is based on and rebuilding the
snap should pull in the new security updates and resolve this.
Thank you for your snap and for attending to this matter.
References:
* https://ubuntu.com/security/notices/USN-4661-1/
"
The reference correctly mentions the snapcraft USN, but the subject is wrong and there are no affected revisions. |
With the addition of the snapcraft build package checks in the review-tools, the subject and body handling for kernel snaps is wrong when built with an affected snapcraft. Eg,
"
Subject: dragonboard-kernel built from outdated Ubuntu kernel
A scan of this snap shows that it was built using sources based on a kernel
from the Ubuntu archive that has since received security updates. The
following lists new USNs for the Ubuntu kernel that the snap is based on in
each snap revision:
Updating the snap's git tree, adjusting the version in the snapcraft.yaml
to match that of the Ubuntu kernel this snap is based on and rebuilding the
snap should pull in the new security updates and resolve this.
Thank you for your snap and for attending to this matter.
References:
* https://ubuntu.com/security/notices/USN-4661-1/
"
The reference correctly mentions the snapcraft USN, but the subject is wrong and there are no affected revisions.
I suspect that LP: 1906827 is a contributing factor (though clearly there is something that is kernel snap-specific as well, hence the separate bug. |
|
| 2020-12-04 13:28:36 |
Jamie Strandboge |
description |
With the addition of the snapcraft build package checks in the review-tools, the subject and body handling for kernel snaps is wrong when built with an affected snapcraft. Eg,
"
Subject: dragonboard-kernel built from outdated Ubuntu kernel
A scan of this snap shows that it was built using sources based on a kernel
from the Ubuntu archive that has since received security updates. The
following lists new USNs for the Ubuntu kernel that the snap is based on in
each snap revision:
Updating the snap's git tree, adjusting the version in the snapcraft.yaml
to match that of the Ubuntu kernel this snap is based on and rebuilding the
snap should pull in the new security updates and resolve this.
Thank you for your snap and for attending to this matter.
References:
* https://ubuntu.com/security/notices/USN-4661-1/
"
The reference correctly mentions the snapcraft USN, but the subject is wrong and there are no affected revisions.
I suspect that LP: 1906827 is a contributing factor (though clearly there is something that is kernel snap-specific as well, hence the separate bug. |
With the addition of the snapcraft build package checks in the review-tools, the subject and body handling for kernel snaps is wrong when built with an affected snapcraft. Eg,
"
Subject: dragonboard-kernel built from outdated Ubuntu kernel
A scan of this snap shows that it was built using sources based on a kernel
from the Ubuntu archive that has since received security updates. The
following lists new USNs for the Ubuntu kernel that the snap is based on in
each snap revision:
Updating the snap's git tree, adjusting the version in the snapcraft.yaml
to match that of the Ubuntu kernel this snap is based on and rebuilding the
snap should pull in the new security updates and resolve this.
Thank you for your snap and for attending to this matter.
References:
* https://ubuntu.com/security/notices/USN-4661-1/
"
The reference correctly mentions the snapcraft USN, but the subject is wrong and there are no affected revisions.
I suspect that LP: 1906827 is a contributing factor (though clearly there is something that is kernel snap-specific as well, hence the separate bug). |
|
| 2020-12-04 18:33:02 |
Emilia Torino |
merge proposal linked |
|
https://code.launchpad.net/~emitorino/review-tools/+git/review-tools/+merge/394901 |
|
| 2020-12-14 14:59:29 |
Emilia Torino |
review-tools: status |
In Progress |
Fix Released |
|
