So, without looking at the code other than to find out that iscsitarget is still vulnerable to CVE-2010-2221, I started wondering why we had both tgt and iscsitarget in main. tgt was needed as part of the Eucalyptus MIR, but seems it got demoted because eucalyptus got demoted.
Chuck opened the following bug report: https://bugs.launchpad.net/nova/+bug/819997. tgt is supported by RHEL and seems to have more momentum. tgt has already gone through the MIR process and would simply be a matter of reseeding. Would it be easier to not add the patch from bug #819997 and reseed tgt than to use iscsitarget? ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-2221 ** Changed in: iscsitarget (Ubuntu) Status: In Progress => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/843808 Title: [MIR] iscsitarget To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iscsitarget/+bug/843808/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
