I think it makes sense to just update this to 0.1.4 since 0.1.3 is just
the security fix and 0.1.4 is further security fixes related to the same
issue (and a few other bugfixes).
But the build tests don't work with 0.1.4 so we either need to patch
them or just go with 0.1.5 which fixes the tests and a few more
bugfixes.
Well it would be good to have 0.1.5 anyway, but I'm not sure how we want
this to work as a security update. I uploaded
bubblewrap0.1.5-1~ubuntu16.10.0 to the regular unapproved SRU queue now.
What do you think about letting it age for 7 days after being accepted
and then pushing it to yakkety-updates and yakkety-security?
Subscribing Security Sponsors for their input.
** Changed in: bubblewrap (Ubuntu)
Status: Incomplete => Confirmed
** Tags added: yakkety zesty
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1643734
Title:
privilege escalation via ptrace (CVE-2016-8659)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bubblewrap/+bug/1643734/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
