Re: script to review no-dsa packages fixed in LTS-1 and TLS+1
On 19/07/2020 11:52, Thorsten Alteholz wrote:
> Hi Emilio,
>
> thanks a lot for working on this.
>
> On Tue, 7 Jul 2020, Emilio Pozuelo Monfort wrote:
>> CVE-2019-11187/gosa fixed in jessie and buster but no-dsa in stretch (Minor
>> issue)
>
> This seems to have been fixed via opu.
>
>> CVE-2019-3866/mistral fixed in jessie and buster but no-dsa in stretch (Minor
>> issue; can be fixed via point release)
>> CVE-2019-3866/python-oslo.utils fixed in jessie and buster but no-dsa in
>> stretch (Minor issue; can be fixed via point release)
>
> mistral in buster has been fixed via unstable, so should not be mentioned here,
> shouldn't it?
> python-oslo.utils is <not-affected> in jessie. Probably one CVE for two
> different packages resolved differently confused your script?
Yeah, looks like the script tripped on that special case. I'll have a look at it.
Thanks,
Emilio
Reply to: