Re: ceph 14.2.22 for bullseye
hello Daniel,
>> Please let me know if you'd like me to change anything (here or on
>> #debian-lts), or if I can proceed to upload.
I've taken a look at the proposed package and compared it with the 4
CVEs marked as outstanding against the ceph package currently in LTS.
* CVE-2023-43040: This is the RGW-related one you believe is not
valid/applicable for LTS, right?
* CVE-2022-3650: I don't see the relevant changes for this CVE in the
proposed package.
* CVE-2022-0670: Ditto this one.
* CVE-2022-0670: ... and this one also.
What am I missing? :-)
§
Separate to that, just to note that the debdiff is quite substantial:
https://people.debian.org/~lamby/debdiff-ceph.txt.xz
I'm guessing, however, that ceph is perhaps one of those packages
where uploading the point release is still going to be better than
trying to individually patch it.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org 🍥 chris-lamb.co.uk
`-
Reply to: