Re: Addressing Mojolicious CVE-2024-58134 and CVE-2024-58135 in sid

To: team@security.debian.org
Cc: debian-lts@lists.debian.org
Subject: Re: Addressing Mojolicious CVE-2024-58134 and CVE-2024-58135 in sid
From: Sylvain Beucler <beuc@beuc.net>
Date: Tue, 27 May 2025 18:12:15 +0200
Message-id: <[🔎] 1d287153-799f-4da4-af12-d0174cc6f284@beuc.net>
In-reply-to: <[🔎] aC8fm7MAvYFExe-V@eldamar.lan>
References: <[🔎] 875xhtotyz.fsf@zephyr.silentflame.com> <[🔎] aC8fm7MAvYFExe-V@eldamar.lan>

Hi,

On 22/05/2025 14:59, Salvatore Bonaccorso wrote:

Do "nothing" (for now) and mark the issue as <no-dsa> or its substate
<ignored> for your older suites. We keep the status as it is for
unstable and once/if things changes upstream align it with those.

If we expect change in the future, let's use "<postponed> (..., revisitwhen fixed upstream)" rather than "<ignored>" for older dists. Weusually consider <ignored> definitive hence we won't recheck it (ever).


Cheers!
Sylvain

Reply to:

References:
- Addressing Mojolicious CVE-2024-58134 and CVE-2024-58135 in sid
  - From: Sean Whitton <spwhitton@spwhitton.name>
- Re: Addressing Mojolicious CVE-2024-58134 and CVE-2024-58135 in sid
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: bookwork-pu for glibc CVE-2025-4802
Next by Date: Re: bookwork-pu for glibc CVE-2025-4802
Previous by thread: Re: Addressing Mojolicious CVE-2024-58134 and CVE-2024-58135 in sid
Next by thread: DebCamp 25 Security Tracker sprint - planning announcement
Index(es):
- Date
- Thread