Bug#988442: unblock: linux/5.10.40-1
- To: 988442@bugs.debian.org
- Cc: Cyril Brulebois <kibi@debian.org>, Paul Gevers <elbrus@debian.org>, debian-boot@lists.debian.org, debian-kernel@lists.debian.org
- Subject: Bug#988442: unblock: linux/5.10.40-1
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Tue, 1 Jun 2021 08:06:18 +0200
- Message-id: <YLXOWgAsgG/U5F6w@eldamar.lan>
- Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 988442@bugs.debian.org
- In-reply-to: <YLCvyP1vA7KDZk4n@eldamar.lan>
- References: <162089102901.1603261.2198248663788655339.reportbug@eldamar.lan> <162089102901.1603261.2198248663788655339.reportbug@eldamar.lan> <YKUubazjkXSO67Rj@eldamar.lan> <1e5310c6-9862-f432-c04c-eebfcea3f18f@debian.org> <20210527090414.244yxtve6aa7frwu@mraw.org> <162089102901.1603261.2198248663788655339.reportbug@eldamar.lan> <YLCvyP1vA7KDZk4n@eldamar.lan> <162089102901.1603261.2198248663788655339.reportbug@eldamar.lan>
Hi Cyril, Paul,
On Fri, May 28, 2021 at 10:54:32AM +0200, Salvatore Bonaccorso wrote:
> Control: retitle -1 unblock: linux/5.10.40-1
>
> Hi Paul, hi Cyril,
>
> On Thu, May 27, 2021 at 11:04:14AM +0200, Cyril Brulebois wrote:
> > Paul Gevers <elbrus@debian.org> (2021-05-27):
> > > Control: tags -1 confirmed d-i
> > >
> > > @boot: needs d-i ACK. As I believe you are aware of, the upload has
> > > already happened.
> > >
> > > @kibi: feel free to age it if/when you see fit
> >
> > We've just discussed that (with Salvatore) on IRC minutes ago, and it
> > seems like this unblock request will be withdrawn/recycled for another
> > version, that version needs fixing.
>
> So let's give some background. Whilst it would have bee good to
> finally move linux/5.10.38-1 to testing because it contained many
> needed bugfixes and in particular as well the CVE fixes for the bpf
> issues, doing so would have introduced the worse bpf issue
> CVE-2021-33200.
>
> Cf. https://www.openwall.com/lists/oss-security/2021/05/27/1
>
> I uploaded now 5.10.40-1 which contains those fixes for CVE-2021-33200
> in the upload, we should ensure those fixes go into bullseye.
>
> Assuming we notice no issues with that upload, once Cyril is fine with
> it as well from d-i perspective, please let it migrate to bullseye.
The version is not 4 days in unstable, looks good to me to let it
migrate to testing (unless Cyril spotted issues in recent d-i tests).
The FragAttack CVE fixes were now queued upstream as well for the
stable series, so I expect I can followup soon with a follow up for
those as well "soonish". But we should first let 5.10.40-1 enter
bullseye in any case.
Thanks all for your work!
Regards,
Salvatore
Reply to: