On Fri, Dec 06, 2024 at 10:10:19PM -0500, Roberto C. Sánchez wrote: > The Security Team has supplied a list of packages/CVEs which were fixed > by DLA (some in bullseye and some in buster) but which remain unfixed in > bookworm (and which are tagged no-dsa, indicating that the Security Team > has no immediate plans to address them). > > Based on this information, I have created issues in Salsa (in the > lts-team/lts-updates-tasks project) to track necessary updates. > Depending on the specific package and CVEs, some only require > coordination with SRM and the maintainer for a proposed-update to fix > the applicable CVEs, while others require a bullseye DLA, and a few > require both. [...] that's awesome, thank you! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ First they ignore you, then they laugh at you, and then it's too late. Don't look up!
Attachment:
signature.asc
Description: PGP signature