| teward | oss-security just had a post with a note from the polkit upstream about a patch for CVE-2021-4034 (which is not in the tracker that I could tell), is the Security Team going to check this? (pwnkit, local priv escalation in pkexec) | 19:04 |
|---|---|---|
| ubottu | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4034> | 19:04 |
| mdeslaur | teward: usn is coming out in a couple of minutes | 19:05 |
| teward | mdeslaur: ah, nice. and the tracker will be updated as well I assume? | 19:05 |
| teward | (E: No CVE Found for that cve) | 19:05 |
| sarnold | yeah, with the usual caveats about web site refresh times etc | 19:06 |
| mdeslaur | our web site is updated by a monkey on a unicycle | 19:07 |
| mdeslaur | sometimes he falls off | 19:07 |
| teward | hah makes sense | 19:07 |
| sarnold | pray for mojo | 19:09 |
| mdeslaur | https://ubuntu.com/security/notices/USN-5252-1 | 19:16 |
| teward | thanks mdeslaur | 19:26 |
| mdeslaur | np! | 19:26 |
| JanC | falls off? you insult him! he just had a flat... | 19:26 |
| mdeslaur | if he wasn't so fat, he wouldn't get flats! | 19:27 |
| fungi | i'm confused by this https://security-tracker.debian.org/tracker/CVE-2022-0185 | 21:50 |
| ubottu | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0185> | 21:50 |
| fungi | er, rather the ubuntu tracker's entry for itt | 21:51 |
| fungi | https://ubuntu.com/security/CVE-2022-0185 | 21:51 |
| fungi | "Published: 18 January 2021" | 21:51 |
| fungi | it's like a time machine | 21:52 |
| fungi | the package versions there are older too... makes me wonder if some wires got crossed? | 21:52 |
| fungi | er, i guess the details on it are correct, so maybe it's just the publication date got the wrong year entered, not as significant as i first thought | 21:54 |
| fungi | the package versions listed there do appear to be the correct ones | 21:55 |
| sarnold | hrmph I thought I fixed that a few days ago https://git.launchpad.net/ubuntu-cve-tracker/commit/active/CVE-2022-0185?id=98db870ced1ff5bd87b4b3828e1b224ee317e942 | 22:09 |
| ubottu | Commit 98db870 in ubuntu-cve-tracker "time travel" | 22:09 |
| ubottu | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0185> | 22:09 |
| sarnold | sbeattie: is ^^ this ^^ the same thing you're currently debugging? | 22:10 |
| sbeattie | yes | 22:10 |
| sbeattie | I have a fix in place, and it should now be processing all of the tracker updates since last friday. :/ | 22:11 |
| sarnold | woot, thanks | 22:12 |
| sbeattie | fungi, sarnold: okay, the correct 2022 published date should be visible at https://ubuntu.com/security/CVE-2022-0185 ; you may need to force reload to clear out the proxy that lies in between. | 22:12 |
| ubottu | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0185> | 22:12 |
| sarnold | woot there it is | 22:13 |
| sarnold | (enjoy the earworm :) | 22:13 |
| fungi | thanks sarnold and sbeattie! | 22:18 |
| fungi | my faith in linear time was/will be restored | 22:18 |
| sarnold | funny, I'm dense enough to distort time within my sphere of influence... | 22:19 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!