Hi Léo, On Tue, 30 Mar 2021 at 02:26, Léo Le Bouter <[email protected]> wrote:
> I pushed 00c67375b17f4a4cfad53399d1918f2e7eba2c7d to core-updates. Your > patch. Thank you for it. Let's watch for upstream zstd fix also. Thanks. It mitigates zstd, even if it does not solve MariaDB. One foot, then another. :-) > I pushed 9feef62b73e284e106717a386624d6da90750a3d to master. Cool! LTGM. > Ubuntu released a patch in the mean time, so while we couldnt make such > patch in a timely manner because the backport was non-trivial and > security-sensitive also didnt want to risk failing to fix the flaw > because I don't have much expertise on it, Ubuntu now has done that > work and we can just use it. Thanks for taking care. And do not consider my concerns as a slowdown but instead as a way to reach something better. For instance 9feef62b73 seems The Right Thing (AFAIU), whereas 6f873731a0 and 2bcfb944bd are not (AFAIK). On one hand, I agree that ~3 weeks appears long through the lens of security vulnerabilities. On the other hand, it is usually worth to take the time; as here. :-) Examine the various options and so the best move always takes time. Well, thanks for pushing forward with security. All the best, simon
