| === chris14_ is now known as chris14 | ||
| === wete_ is now known as wete | ||
| mcphail | Hi. WRT cve-2024-1724 again, this was disclosed 20th Feb, patched 13th March and fix deployed through April. I haven't had any communication from the upstream team about disclosure, so unless there is a compelling and credible reason not to I intend to publish a wee blog post tomorrow. | 11:44 |
|---|---|---|
| -ubottu:#ubuntu-security- ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1724> | 11:44 | |
| ebarretto | amurray, ^ | 11:48 |
| ebarretto | mcphail, have you seen the email thread answer from amurray ? | 11:50 |
| mcphail | ebarretto: no - haven't been included in any emails since 12th April where Alex had suggested an update in a few days | 11:53 |
| ebarretto | mcphail, yes, that's the one. I think they still need a couple more days. amurray might be able to confirm tomorrow as he is already EOD by now I think | 11:54 |
| mcphail | Ok, thanks ebarretto. Happy to hold off if there is progress but coming up to a very busy period at work just now and keen to get simple things tidied up | 11:58 |
| amurray | mcphail: apologies again .. I'm just checking once more with the associated development team (my contact their appears to be offline atm and I'm about to go to bed myself but will post back in my morning what their response is) | 13:08 |
| mcphail | Thanks amurray . Sorry to keep troubling you | 13:39 |
| UnivrslSuprBox | There's a change in `apparmor (4.0.1-0ubuntu1) oracular` described as "Add condition in policydb serialization to only encode xtable if kernel_supports_permstable32". This change allows oracular's apparmor_parser to load `abstractions/opencl-pocl` on Ubuntu kernel 5.15 from jammy. noble's apparmor_parser cannot load that abstraction into jammy's kernel. | 16:51 |
| UnivrslSuprBox | I unfortunately have a usecase where I'm doing just that (loading noble's policy into jammy's kernel) which I know is worth telling me to go away for | 16:51 |
| UnivrslSuprBox | But, is that change candidate for backport from oracular to noble? | 16:52 |
| ebarretto | georgiag, ^ | 16:53 |
| UnivrslSuprBox | Happy to file bugs and do any needful there, but I didn't want to start with that if the answer here was "kindly go pound sand" :P | 16:55 |
| georgiag | UnivrslSuprBox: yes, that change is on its way onto the noble apparmor package. we had to wait until it was in oracular to start the SRU process. I'm tracking the SRU here https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2064672 | 17:04 |
| -ubottu:#ubuntu-security- Launchpad bug 2064672 in apparmor (Ubuntu) "[SRU] - fixes for apparmor on noble" [Undecided, New] | 17:04 | |
| georgiag | UnivrslSuprBox: that scenario is not that uncommon given that you could have a noble lxd container running on jammy, which would be using jammy's kernel... if you need it urgently, you could use the ppa I linked in the bug https://launchpad.net/~georgiag/+archive/ubuntu/apparmor-4.0.1-redo/+packages, since it's going to take a couple of weeks to complete the SRU process | 17:06 |
| UnivrslSuprBox | Oh, excellent. Thank you! | 17:06 |
| georgiag | UnivrslSuprBox: no problem. let me know if you run into any issues | 17:06 |
| ahasenack | uh, expat 2.6.2 has this interesting Changes entry: https://github.com/libexpat/libexpat/blob/R_2_6_2/expat/Changes#L14 | 19:17 |
| ahasenack | "(help with) fixing a complex non-public security issue" | 19:17 |
| arraybolt3 | ahasenack: mmm, mystery critical bugs are the best ones | 19:38 |
| ahasenack | for whom? :) | 19:38 |
| sarnold | yikes | 20:58 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!