For a while I've been meaning to raise the topic of dropping requirement
#5 from
https://governance.openstack.org/tc/reference/tags/vulnerability_managed.html#requirements
since it was a high bar to clear and even projects which were previously
under vulnerability management before the tag existed
I see there's a series bugtask confirmed for Stein. Does this affect
other branches presently under stable maintenance?
Also, as openstack/os-vif is not tagged vulnerability:managed in
governance and the Nova bugtask was invalidated, I'm marking our
Advisory task Won't Fix but am still happy to
Reviewed: https://review.opendev.org/672834
Committed:
https://git.openstack.org/cgit/openstack/os-vif/commit/?id=655c83d706f5de8a8cf23430782e065219297aef
Submitter: Zuul
Branch:master
commit 655c83d706f5de8a8cf23430782e065219297aef
Author: Sean Mooney
Date: Thu Jul 25 22:16:42 2019
** Also affects: os-vif/stein
Importance: Undecided
Status: New
** Also affects: os-vif/trunk
Importance: High
Assignee: sean mooney (sean-k-mooney)
Status: In Progress
** Changed in: os-vif/stein
Status: New => Confirmed
** Changed in: os-vif/stein
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.
** Information type changed
triaging as high as folding could lead to network disruption to guests
on multiple hosts.
i have root caused this as a result of combining the code into a single
shared codepath between the ovs and linux bridge plugin
for ovs hybrid plug we set the ageing to 0 to prevent packet loss during
live
6 matches
Mail list logo
