On 29/03/2024 22.10, Michael Catanzaro wrote:
On Fri, Mar 29 2024 at 08:16:55 PM +00:00:00, Richard W.M. Jones
<[email protected]> wrote:
These are the exact builds which were vulnerable. Note the tags are
all empty because Kevin untagged them last night, so you'll probably
need to cross-reference these with bodhi updates.
OK, I am going to ask Product Security to edit their blog post to remove the
incorrect information. I will CC you on that request.
Thanks,
Michael
Confusion is increasing a little among different channels, and it would be nice
if the RH blog post and the Red Hat CVE page would be updated, and maybe
clarified: According to Adam Williamson, F40 is likely to have installed the
packages because testing is enabled by default in pre-release. If I got Rich
right, the malicious code is likely to be broken on F40, but F40 users still
should update to be sure.
At the moment several "versions" and "assumptions" are rising that try to somehow make sense of the
different publications (e.g., header of RH article "F41 and rawhide" -> headline in content "F40 and
rawhide"). I don't know how the assumption came up that F40 is only affected if users opted in for testing, but that
interpretation already ended up in the Fedora Magazine and in the official linkedin post of Fedora (I already asked to
correct it).
Creating some clarification and unify our information provision can help to get rid of the current
interpretations between "F40 - just don't care" and "F40 - the end of the world is
coming" (sorry for the dramatization ;). I think one or two sentences in the RH blog post + RH
CVE page should be fine to clarify, to avoid further confusion and to re-unify knowledge towards
the facts, of course the same for the Fedora Magazine article but that's already underway.
--
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
