Notices by Jonathan Wright :almalinux: (jonathanspw@fosstodon.org)

We're working on some exciting things at @almalinux . Any guesses as to what?

Earlier today at #almalinux we patched CVE-2023-38403 in iperf3 and released it prior to anyone else in the EL-ecosystem. We promptly submitted PRs with #centos and #fedora.

A lot was learned during this process so we can nail down the processes of doing our own patches while contributing upstream and ultimately deliver on our promises from https://almalinux.org/blog/future-of-almalinux/

#rhel #redhat

@thomrstrom I became aware of the CVE yesterday when a ticket was opened about it in Fedora. I'm a maintainer of the Fedora package so I immediately checked if AlmaLinux/RHEL were vulnerable too and proceeded from there.

My PR has been rejected by RH and I'm not terribly sure why. At least I tried, I guess, and since AlmaLinux isn't targeting 1:1 we have the patch and RHEL won't I suppose.

https://gitlab.com/redhat/centos-stream/rpms/iperf3/-/merge_requests/5#note_1476778724