[00:24] <sbeattie> FYI https://ubuntu.com/security/notices/USN-5317-1 is out and covers dirty pipe
[00:25] <sbeattie> aka CVE-2022-0847
[15:11] <teward> RE: cve-2022-0847, there's some confusion about "Needed" for Bionic and Focal - https://askubuntu.com/questions/1396716/why-is-linux-in-bionic-and-focal-affected-by-cve-2022-0847
[15:11] <teward> should I be bothering the kernel team or is the Security team aware of whether this is/isn't patched in Bionic and Focal kernels?
[15:11] <teward> my understanding of "needed" in the tracker is a little bit ambiguous.
[15:13] <mdeslaur> the flaw exists in bionic and focal, but it's not exploitable
[15:13] <mdeslaur> (yet)
[15:13] <teward> mdeslaur: check, mind if I quote you?
[15:13] <mdeslaur> we will patch bionic and focal during the next round of kernel updates
[15:13] <mdeslaur> just in case someone discovers another way to exploit the flaw
[15:13] <mdeslaur> I don't mind
[15:15] <teward> mdeslaur: thanks.  i always ask before direct quoting :)
[15:15] <fungi> thanks for the clarification!
[15:22] <mdeslaur> np
[15:57] <mdeslaur> I've added a note to the CVE, the website should get updated in a few minutes
[17:00] <teward> mdeslaur: perfect, glad to hear the notes/comments got updated with clarification.
[17:00] <teward> always like how when these kinds of things show up here it ends up with updates to the tracker ;)
[17:53] <mdeslaur> teward: thanks for bringing them up!
[17:54] <teward> yep, always happy to divert security questions your way when they're on ask ubuntu.  an advantage of me knowing where to connect :P
[17:55] <teward> s/where to connect/who to contact/
[18:51] <sarnold> :)