Re: Propose to ignore libxstream-java CVEs

To: Markus Koschany <apo@debian.org>
Cc: Debian LTS <debian-lts@lists.debian.org>
Subject: Re: Propose to ignore libxstream-java CVEs
From: Anton Gladky <gladk@debian.org>
Date: Thu, 23 Sep 2021 19:40:47 +0200
Message-id: <[🔎] CALF6qJm9+-RHpO88YgcPskNxaX4LA=+6T9gisF-45xnD=tr79w@mail.gmail.com>
In-reply-to: <[🔎] 58308646b991646c8b5bf1338b281caec857893c.camel@debian.org>
References: <CABY6=0=B2hUDycVE5P2TNBZXncFvayrmDqGGcMZQmPo3S264eg@mail.gmail.com> <3f2a393b-ef07-0819-540f-09271f062432@beuc.net> <b81f4d153d88d38ee68463c8ff774863f3bd0da3.camel@debian.org> <[🔎] 58308646b991646c8b5bf1338b281caec857893c.camel@debian.org>

Hi Markus,

I have applied your patch and the pipelines are passed [1]. So, at least

nothing breaks from the "build side of view".

Yes, I took this package, but uf your are working on it, feel free to reclaim it.

[1] https://salsa.debian.org/lts-team/packages/libxstream-java/-/pipelines/292916

Best regards

Anton

Am Mi., 22. Sept. 2021 um 15:37 Uhr schrieb Markus Koschany <apo@debian.org>:

Hi all,

so far I have not found any regressions in Debian packages which depend on
libxstream-java. I propose to switch to the whitelist in all suites because
this is the only reasonable way to secure XStream. I have prepared an update
for Stretch. Anton, could you take a look at it because I saw you have claimed
libxstream-java?

https://people.debian.org/~apo/lts/libxstream-java/libxstream-java.debdiff

Regards,

Markus

Reply to:

Follow-Ups:
- Re: Propose to ignore libxstream-java CVEs
  - From: Markus Koschany <apo@debian.org>

References:
- Re: Propose to ignore libxstream-java CVEs
  - From: Markus Koschany <apo@debian.org>

Prev by Date: Re: Propose to ignore libxstream-java CVEs
Next by Date: ccextractor embeds unpatched and vulnerable source code from gpac in buster - 994746
Previous by thread: Re: Propose to ignore libxstream-java CVEs
Next by thread: Re: Propose to ignore libxstream-java CVEs
Index(es):
- Date
- Thread