Hi,

On Tue, 16 Mar 2021 at 18:06, Léo Le Bouter <[email protected]> wrote:

> I suggest we disable the test-suite or the specific test in the interim
> for other architectures.

The patch attached in the previous email tweaks the offending test to
allow the test suite to pass on both architectures x86_64 and i686.  I
am not able to test the other architectures.

Well, upgrading zstd from 1.4.4 to 1.4.9 is one way to fix it, but
we could also graft by backporting a patch, as Debian did for 1.4.8:

<https://salsa.debian.org/med-team/libzstd/-/blob/master/debian/patches/0018-fix-file-permissions-on-compression.patch>


> The CVE-2021-24032 is Base Score: 9.1 CRITICAL - which is exceptionally
> high so fixing it is an absolute necessity in any branch.

For SUSE, the severity is moderate and they rank it at 6.2.

<https://www.suse.com/security/cve/CVE-2021-24032/>

Well, even if I agree that security is often important, more haste and
less speed is generally good. :-)


Cheers,
simon
