Thanks for the review Dan! Some comments below:
- I'll make sure the Server team is subscribed to this package.
- Regarding the CVE-2019-10153 fix, it is mentioned in the changelog:
$ cat debian/changelog | grep -B2 -A4 CVE-2019-10153
fence-agents (4.3.3-2) unstable; urgency=high
* fence_rhevm: add patch for CVE-2019-10153 (Closes: #930887)
Including non-ASCII characters in a guest VM's comment or other fields
would cause fence_rhevm to exit with an exception.
-- Valentin Vidic <email address hidden> Sun, 23 Jun 2019 19:53:35 +0200
Which means it is fixed from Focal on. The Ubuntu security tracker might have missed this one, I do not know how it works.
- I brought up to the Server team this question mark that I have regarding the naming of those binary packages. After some discussion, the team agreed to implement a different approach:
+ Create a transitional binary package called "fence-agents". It will make the upgrade smoother for people already using it. This transitional package will depend on the supported and unsupported agents binary packages.
+ Rename the current "fence-agents-supported" to "fence-agents-core". Some members of the team said that "supported" might not be good because it might lead to different interpretations of the word. However, we are open to other suggestions here.
+ Rename the current "fence-agents" with unsupported agents to "fence-agents-extra".
WDYT about the approach suggested above Dan? Does that sound good to you? I am going to implement it if we all agree, and in this case we will need to promote the following binary packages:
- fence-agents-common
- fence-agents-core (instead of fence-agents-supported)