Potential undetected dependency in builds against libseccomp 2.4 (in proposed)

[Christian Ehrhardt]

On Wed, May 29, 2019 at 10:52 AM Christian Ehrhardt
<christian.ehrhardt at canonical.com> wrote:
>
> Hi,
> this might end up as a big red herring and if that is the case I beg
> your pardon for the noise.
> But I want to know our active releases on the save side on this.
>
> I happened to find an issue [1] between the libseccomp 2.4 in
> -proposed and builds against it.
> The TL;DR is that builds might end up essentially depending on 2.4
> being installed but are NOT picking up that as versioned dependency.
>
> It needs to be better understood, but for the time being I'd ask e.g.
> the SRU Team to be extra cautious releasing things that had
> libseccomp-dev in their build dependencies.
>
> More details are on the bug [1].
> I guess me or security will reply here once it is better understood.

The case is analyzed and severity no more that bad, feel free to
release things as usual anything except qemu in Disco until the SRU
upload with this bug for qemu shows up in disco-unapproved.

> [1]: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1830859
>
> --
> Christian Ehrhardt
> Software Engineer, Ubuntu Server
> Canonical Ltd



-- 
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd