I feel like the CVE referenced in the nova upload,[CVE-2017-7214] Failed notification payload is dumped in logs with auth secrets, should be called out in the changelog and the Launchpad bug should have an Ubuntu yakkety task.
I'm not sure I've seen an SRU with a CVE fix in it though, is this normally done? ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-7214 ** Changed in: nova (Ubuntu Yakkety) Status: New => Incomplete ** Changed in: aodh (Ubuntu Yakkety) Status: New => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1688557 Title: [SRU] newton stable releases To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1688557/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
