Bug#1058720: slurm-wlm: CVE-2023-49933 CVE-2023-49935 CVE-2023-49936 CVE-2023-49937 CVE-2023-49938

[Salvatore Bonaccorso <carnil@debian.org>]

Ciao Gennaro,

On Sat, Feb 03, 2024 at 12:28:24PM +0100, Gennaro Oliva wrote:
> Ciao Salvatore,
> 
> On Sun, Jan 28, 2024 at 11:37:34AM +0100, Salvatore Bonaccorso wrote:
> > Reviewing your uploaded changes, the changelog mentions
> > CVE-2023-49935, but believe his was not affecting 22.05.8.  Let's
> > still release with that in the changelog, the security-tracker should
> > be already correct on that.
> 
> Sorry about that, I also forgot to build and upload the contrib package
> (check #1062264) I have uploaded at the same url and attached the debdiff.
> 
> https://people.debian.org/~oliva/slurm-wlm-22.05.8-4+deb12u2

Right I see we should have handled this similarly to DSA 5529-1. If
you have tested the update then please do update. I think we should
drop the CVE-2023-49935 reference here as well?

> > Do you have any progress for unstable/trixie so we do not have a
> > regression once after the DSA is released?
> 
> I'm working on it this week end. It is a major release upgrade. I hope
> to release it at the beginning of next week.

Ok!

Regards,
Salvatore