Taking from backports - icingaweb2

To: debian-lts@lists.debian.org
Subject: Taking from backports - icingaweb2
From: Abhijith PA <abhijith@disroot.org>
Date: Thu, 2 Jun 2022 17:49:42 +0530
Message-id: <Ypiq3v9E/Gl+DJyb@disroot.org>

Hello,


Package icingaweb2 (2.4) in stretch have around 9 open CVEs. Most of 
them fixed in upstream v2.6. There isn't isolated patches available 
for CVE-2018-18246 to CVE-2018-18250.

The changes from 2.4 .. 2.6 is pretty large and not much descriptive 
to comb through and cherry pick. I have pinged upstream security team 
to help, unfortunately they couldn't single out the patches. So I was 
wondering whether its ok to upload v2.6 from stretch-backports to 
-security and fix remaining CVEs on top of that.


PS: Its not a priority package for us.

--abhijith

Reply to:

Follow-Ups:
- Re: Taking from backports - icingaweb2
  - From: Utkarsh Gupta <guptautkarsh2102@gmail.com>

Prev by Date: Re: Support for ckeditor3 in Debian
Next by Date: Stefano Rivera LTS & ELTS Report for April & May 2022
Previous by thread: Re: Support for ckeditor3 in Debian
Next by thread: Re: Taking from backports - icingaweb2
Index(es):
- Date
- Thread