[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: bson CVEs in (E)LTS

On Mon, Mar 31, 2025 at 04:42:59PM +0200, Sylvain Beucler wrote:
>...
> Do we want to update data/embedded-code-copies to reference libbson-xs-perl?
> 
> e.g.
> diff --git a/data/embedded-code-copies b/data/embedded-code-copies
> index 19611b261b..77696af1af 100644
> --- a/data/embedded-code-copies
> +++ b/data/embedded-code-copies
> @@ -3524,9 +3524,9 @@ bootstrap-markdown.js (not packaged in Debian; no ITP)
>  libjs-chartkick.js
>         - python-chartkick <unfixed> (embed; bug #836577)
> 
> -libbson
> -       - mongo-c-driver <unfixed> (embed)
> -       NOTE: src:mongo-c-driver builds as well libbson binary package and
> superseeds src:libbson
> +mongo-c-driver
> +       - libbson-xs-perl <unfixed> (embed)
> +       NOTE: src:mongo-c-driver builds as well libbson binary package and
> superseeds src:libbson/stretch
>...

For ELTS having libbson there would be useful:

mongo-c-driver
  - libbson <removed> (embed)
  - libbson-xs-perl <unfixed> (embed)

> Cheers!
> Sylvain

cu
Adrian

BTW: I've already opened #1101756 in libbson-xs-perl.
Reply to: