[19:04] <teward> oss-security just had a post with a note from the polkit upstream about a patch for CVE-2021-4034 (which is not in the tracker that I could tell), is the Security Team going to check this?  (pwnkit, local priv escalation in pkexec)
[19:04] <ubottu> ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4034>
[19:05] <mdeslaur> teward: usn is coming out in a couple of minutes
[19:05] <teward> mdeslaur: ah, nice.  and the tracker will be updated as well I assume?
[19:05] <teward> (E: No CVE Found for that cve)
[19:06] <sarnold> yeah, with the usual caveats about web site refresh times etc
[19:07] <mdeslaur> our web site is updated by a monkey on a unicycle
[19:07] <mdeslaur> sometimes he falls off
[19:07] <teward> hah makes sense
[19:09] <sarnold> pray for mojo
[19:16] <mdeslaur> https://ubuntu.com/security/notices/USN-5252-1
[19:26] <teward> thanks mdeslaur 
[19:26] <mdeslaur> np!
[19:26] <JanC> falls off? you insult him! he just had a flat...
[19:27] <mdeslaur> if he wasn't so fat, he wouldn't get flats!
[21:50] <fungi> i'm confused by this https://security-tracker.debian.org/tracker/CVE-2022-0185
[21:50] <ubottu> ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0185>
[21:51] <fungi> er, rather the ubuntu tracker's entry for itt
[21:51] <fungi> https://ubuntu.com/security/CVE-2022-0185
[21:51] <fungi> "Published: 18 January 2021"
[21:52] <fungi> it's like a time machine
[21:52] <fungi> the package versions there are older too... makes me wonder if some wires got crossed?
[21:54] <fungi> er, i guess the details on it are correct, so maybe it's just the publication date got the wrong year entered, not as significant as i first thought
[21:55] <fungi> the package versions listed there do appear to be the correct ones
[22:09] <sarnold> hrmph I thought I fixed that a few days ago https://git.launchpad.net/ubuntu-cve-tracker/commit/active/CVE-2022-0185?id=98db870ced1ff5bd87b4b3828e1b224ee317e942
[22:09] <ubottu> Commit 98db870 in ubuntu-cve-tracker "time travel"
[22:09] <ubottu> ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0185>
[22:10] <sarnold> sbeattie: is ^^ this ^^ the same thing you're currently debugging?
[22:10] <sbeattie> yes
[22:11] <sbeattie> I have a fix in place, and it should now be processing all of the tracker updates since last friday. :/
[22:12] <sarnold> woot, thanks
[22:12] <sbeattie> fungi, sarnold: okay, the correct 2022 published date should be visible at https://ubuntu.com/security/CVE-2022-0185 ; you may need to force reload to clear out the proxy that lies in between.
[22:12] <ubottu> ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0185>
[22:13] <sarnold> woot there it is
[22:13] <sarnold> (enjoy the earworm :)
[22:18] <fungi> thanks sarnold and sbeattie!
[22:18] <fungi> my faith in linear time was/will be restored
[22:19] <sarnold> funny, I'm dense enough to distort time within my sphere of influence...