I agree if there is a practical attack scenario we should issue an OSSA about this. The next steps are:
- review the attached patch on the bug, so that we can fast-track its approvals when we make everything public (swift-core team)
- propose and review a backport of the fix for Swift 1.8.0 (grizzly release), which I assume is affected as well (swift-core)
- produce an impact description (VMT team)
- review proposed impact description (everyone)
- request CVE (VMT team)
- coordinate public advisory release and patch merging (VMT team)
John: Will the advisory with the patch be enough, or are you going to want to do a 1.9.1 over this ?
I agree if there is a practical attack scenario we should issue an OSSA about this. The next steps are:
- review the attached patch on the bug, so that we can fast-track its approvals when we make everything public (swift-core team)
- propose and review a backport of the fix for Swift 1.8.0 (grizzly release), which I assume is affected as well (swift-core)
- produce an impact description (VMT team)
- review proposed impact description (everyone)
- request CVE (VMT team)
- coordinate public advisory release and patch merging (VMT team)
John: Will the advisory with the patch be enough, or are you going to want to do a 1.9.1 over this ?