[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: bson CVEs in (E)LTS

On Mon, Mar 31, 2025 at 04:42:59PM +0200, Sylvain Beucler wrote:
> 
> Do we want to update data/embedded-code-copies to reference libbson-xs-perl?
> 
> e.g.
> diff --git a/data/embedded-code-copies b/data/embedded-code-copies
> index 19611b261b..77696af1af 100644
> --- a/data/embedded-code-copies
> +++ b/data/embedded-code-copies
> @@ -3524,9 +3524,9 @@ bootstrap-markdown.js (not packaged in Debian; no ITP)
>  libjs-chartkick.js
>         - python-chartkick <unfixed> (embed; bug #836577)
> 
> -libbson
> -       - mongo-c-driver <unfixed> (embed)
> -       NOTE: src:mongo-c-driver builds as well libbson binary package and
> superseeds src:libbson
> +mongo-c-driver
> +       - libbson-xs-perl <unfixed> (embed)
> +       NOTE: src:mongo-c-driver builds as well libbson binary package and
> superseeds src:libbson/stretch
> 
>  spdlog
>         - rapmap <unfixed> (embed; bug #909766)
> 
> 
I support this change.

-- 
Roberto C. Sánchez
Reply to: