Hi Thomas,
On 11/09/2022 12:50, Thomas Goirand wrote:
Hi,
In the OpenStack team git, there are updates for nova
2:18.1.0-6+deb10u1 (CVE-2019-14433/ OSSA-2019-003). Can someone pick
it up and upload it to Buster? It was never accepted in Buster due to
the difficulties communicating with the Stable release team (too slow
response, etc. that leads to /me giving up...). Though IMO, it'd be a
very good candidate for buster LTS.
The latest Buster version is in the debian/rocky branch at:
https://salsa.debian.org/openstack-team/services/nova/
How to proceed? Can I simply upload the normal way? IS there a 3rd
party peer reviewing accepting / rejecting uploads for LTS?
I have taken a look at the package, and am a bit unease at the debconf
changes, as I'm not particularly well versed in that front. I have done
some piuparts testing, and at least that works well, though that's
non-interactive so perhaps it's not fully testing that part. However
given that you have tested that change (as well as the others) and that
the changes are in bullseye, I think we can go ahead with it. Please
upload a _source.changes to security-master targeting buster-security,
and I can help or take care of the paperwork.
Cheers,
Emilio