Debian LTS Advisory DLA-3783-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Tobias Frost
April 07, 2024    https://wiki.debian.org/LTS
On Mon, Apr 08, 2024 at 12:06:25AM +0200, Ola Lundqvist wrote:
> Hi again
>
> Today I looked at the freeimage package that we have in dla-needed.
> My conclusion is that we have 19 CVEs postponed with motivation "revisit
> when fixed upstream" and 23 CVEs that are in bullseye declared as no-dsa
>
On Mon, Apr 08, 2024 at 05:34:47PM +0200, Moritz Muehlenhoff wrote:
> On Mon, Apr 08, 2024 at 01:59:55PM +0200, Sylvain Beucler wrote:
> > Hi,
> >
> > I think this requires a bit of coordination:
> > - the package is basically dead upstream, there hasn't been a fix in the
> > official repos,
Hi,
On Sat, 23 Mar 2024, Roberto C. Sánchez wrote:
> In any event, I am happy to work towards reinitializing the Salsa issues
> experiment to start again in April and then see how it goes from there.
>
> What do you think?
It's a pity that nobody else responded... I'm no longer involved in
Hi Ola,
Thank you for putting thought into the matter of issue severity.
On Sun, Apr 07, 2024 at 11:19:08PM +0200, Ola Lundqvist wrote:
>Hi Roberto
>After first some thinking on what "constitutes a minor issue?" I did some
>research and realized that there is in fact a good
Hi,
I think this requires a bit of coordination:
- the package is basically dead upstream, there hasn't been a fix in the
official repos, neither Debian nor other distros attempted to fix them
- we do have a sponsor for LTS and ELTS/stretch, so we're paid to take
care of this package
- secteam
Hi
Yes I read that. But should we keep it in dla needed when it is to update a
non lts release?
I thought the purpose of dla needed was for lts.
I understand the need to do forward porting but is dla needed the place for
that?
/ Ola
On Mon, 8 Apr 2024 at 13:33, Sylvain Beucler wrote:
> Hi,
>
>
Hi again.
I just re-read one of the instruction emails and realize that we have
recently extended the scope. Point taken. Will not remove runc.
/ Ola
On Mon, 8 Apr 2024 at 14:51, Ola Lundqvist wrote:
> Hi
>
> Yes I read that. But should we keep it in dla needed when it is to update
> a non lts
Hi,
Please read the dla-needed.txt entry.
It says we should sync *bullseye*.
Cheers!
Sylvain
On 07/04/2024 23:47, Ola Lundqvist wrote:
Hi fellow LTS contributors
I was about to assign runc to myself but realized that it should not be
in dla-needed.
There is just one CVE to be fixed and that
On Mon, Apr 08, 2024 at 01:59:55PM +0200, Sylvain Beucler wrote:
> Hi,
>
> I think this requires a bit of coordination:
> - the package is basically dead upstream, there hasn't been a fix in the
> official repos, neither Debian nor other distros attempted to fix them
Some of the past fixes got