Re: Bug#988442: unblock: linux/5.10.40-1
Hi Cyril, Paul,
On Fri, May 28, 2021 at 10:54:32AM +0200, Salvatore Bonaccorso wrote:
> Control: retitle -1 unblock: linux/5.10.40-1
> Hi Paul, hi Cyril,
> On Thu, May 27, 2021 at 11:04:14AM +0200, Cyril Brulebois wrote:
> > Paul Gevers <firstname.lastname@example.org> (2021-05-27):
> > > Control: tags -1 confirmed d-i
> > >
> > > @boot: needs d-i ACK. As I believe you are aware of, the upload has
> > > already happened.
> > >
> > > @kibi: feel free to age it if/when you see fit
> > We've just discussed that (with Salvatore) on IRC minutes ago, and it
> > seems like this unblock request will be withdrawn/recycled for another
> > version, that version needs fixing.
> So let's give some background. Whilst it would have bee good to
> finally move linux/5.10.38-1 to testing because it contained many
> needed bugfixes and in particular as well the CVE fixes for the bpf
> issues, doing so would have introduced the worse bpf issue
> Cf. https://www.openwall.com/lists/oss-security/2021/05/27/1
> I uploaded now 5.10.40-1 which contains those fixes for CVE-2021-33200
> in the upload, we should ensure those fixes go into bullseye.
> Assuming we notice no issues with that upload, once Cyril is fine with
> it as well from d-i perspective, please let it migrate to bullseye.
The version is not 4 days in unstable, looks good to me to let it
migrate to testing (unless Cyril spotted issues in recent d-i tests).
The FragAttack CVE fixes were now queued upstream as well for the
stable series, so I expect I can followup soon with a follow up for
those as well "soonish". But we should first let 5.10.40-1 enter
bullseye in any case.
Thanks all for your work!