On Mon, 18 Jan 2021 19:19:14 -0800 Benjamin Kaduk <ka...@mit.edu> wrote:
On Mon, Jan 18, 2021 at 06:04:39PM +0000, Jeremy Stanley wrote:
> Thanks for pulling this into unstable and testing! Is there any work
> in progress to fix it in stable as well? I took a quick peek in
> Salsa and didn't see any merge requests or an obvious branch for
> Buster's 1.8.2 (just the debian/1.8.2-1 tag).
It is a clear candidate to fix in stable, though the only concrete steps
I've been able to take so far are to confirm with the security team that it
is not a candidate for being fixed via a DSA.
The actual work of backporting the patches should be ~trivial, so the
process work of engaging with the release team will be the dominating
factor.
-Ben
Even though this fix is not strictly about security, without the fix it
makes it impossible to patch the kernel and reboot our servers as this
restart breaks the OpenAFS client.
So I urge the package maintainers to build a buster version containing
the fix.
A. Lewenberge
