Infra upgrades for copy.fail CVE
Hauke Mehrtens
hauke at hauke-m.de
Mon May 4 16:31:39 PDT 2026
On 5/5/26 00:05, Baptiste Jonglez wrote:
> Hi,
>
> The risk of copy.fail on our infra is not very high, but we should patch
> anyway. The biggest risks are buildbot workers (they run semi-unstrusted
> code from the package feeds) and webservices (where any vulnerability
> would be escalated to root). I haven't seen any sign of compromise.
>
> I've just upgraded most of our infra with newer kernels with the fix:
>
> - buildbot master
> - buildbot workers (except 2 still pending because I/O is a bit slow)
> - wiki
> - forum
> - git
>
> Still pending:
>
> - remaining buildbot workers - in progress
> - main download server - planned tomorrow
> - other services (firmware selector, sysupgrade server)
> - misc infra servers
>
> Baptiste
Hi,
I triggered the OpenWrt 25.12.3 builds. Please take care that they do
not get disturbed. They should finish in about 12 hours.
Hauke
More information about the openwrt-adm
mailing list