[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Revisiting some old DLAs



On Fri, Dec 06, 2024 at 10:10:19PM -0500, Roberto C. Sánchez wrote:
> The Security Team has supplied a list of packages/CVEs which were fixed
> by DLA (some in bullseye and some in buster) but which remain unfixed in
> bookworm (and which are tagged no-dsa, indicating that the Security Team
> has no immediate plans to address them).
> 
> Based on this information, I have created issues in Salsa (in the
> lts-team/lts-updates-tasks project) to track necessary updates.
> Depending on the specific package and CVEs, some only require
> coordination with SRM and the maintainer for a proposed-update to fix
> the applicable CVEs, while others require a bullseye DLA, and a few
> require both.
[...]

that's awesome, thank you! 


-- 
cheers,
	Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

First they ignore you, then they laugh at you, and then it's too late.
Don't look up!

Attachment: signature.asc
Description: PGP signature


Reply to: