On 5/6/21 9:03 PM, Salvatore Bonaccorso wrote:
> close 985104 2:17.1.1-1
> thanks
> 
> Apparently, following https://bugs.launchpad.net/neutron/+bug/1902917 there is
> disagreement on if the issue was incompletely fixed or not but still upstream
> seems to have considered CVE-2021-20267.
> 
> OpenStack maintainers, double-check as well please.
> 
> Regards,
> Salvatore

Hi Salvatore,

To me, the issue isn't fixed upstream. The patch at:
https://review.opendev.org/c/openstack/neutron/+/783743

hasn't been merged. I expect it to be backported by upstream to the
version in Bullseye.

Probably it would be more reasonable to wait until the patch is merged
upstream before we/I apply it in Debian.

Cheers,

Thomas Goirand (zigo)
