/srv/irclogs.ubuntu.com/2023/03/27/#ubuntu-security.txt

=== chris14_ is now known as chris14
sudhackarA question about - https://ubuntu.com/security/CVE-2021-29955 If its released - there should be an accompanied version right? This commit https://git.launchpad.net/ubuntu-cve-tracker/commit/?id=2d3fa54 moved from needed -> released but no version11:38
-ubottu:#ubuntu-security- Commit 2d3fa54 in ubuntu-cve-tracker "cve-2021-29955 - firefox: update/retriage status"11:38
-ubottu:#ubuntu-security- A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). This vulnerability affects Firefox ESR < 78.9 and Firefox < 87. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29955>11:38
ebarrettoleosilva, ^ 12:14
leosilvaas far as could check, it is the case where the update was made without an USN so not versions were added to it, because, and probably, the update wans't done by us, but from a version to another major one.12:24
=== sdeziel_ is now known as sdeziel
sudhackarAll other released have versions updated in the whole repo - this is the single instance of the version being missing14:36
leosilvasudhackar: the update was made , and couple time after i did update the CVE with the info released, but since neither USN or entries on the changelog has the version info, it was just added as released, as the version affected was behind the newest one. 14:38
leosilvai'll check it again, later, to find the versions and update it when possibly, in any case.14:40
sudhackarah. thanks for that.14:41
leosilvayw!14:41

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!