Re: bson CVEs in (E)LTS
Hi,
On 31/03/2025 16:25, Roberto C. Sánchez wrote:
On Mon, Mar 31, 2025 at 04:58:25PM +0300, Adrian Bunk wrote:
Copies of the bson code are also in the (E)LTS supported packages
libbson/stretch and libbson-xs-perl/bullseye.
I am aware of libson/stretch but not of libbson-xs-perl/bullseye. I
could handle that one as well, and I can claim it once it pops up in
ela-needed.txt.
Do we want to update data/embedded-code-copies to reference libbson-xs-perl?
e.g.
diff --git a/data/embedded-code-copies b/data/embedded-code-copies
index 19611b261b..77696af1af 100644
--- a/data/embedded-code-copies
+++ b/data/embedded-code-copies
@@ -3524,9 +3524,9 @@ bootstrap-markdown.js (not packaged in Debian; no ITP)
libjs-chartkick.js
- python-chartkick <unfixed> (embed; bug #836577)
-libbson
- - mongo-c-driver <unfixed> (embed)
- NOTE: src:mongo-c-driver builds as well libbson binary package
and superseeds src:libbson
+mongo-c-driver
+ - libbson-xs-perl <unfixed> (embed)
+ NOTE: src:mongo-c-driver builds as well libbson binary package
and superseeds src:libbson/stretch
spdlog
- rapmap <unfixed> (embed; bug #909766)
Cheers!
Sylvain
Reply to: