Re: multiple RPKI-related vulnerabilities in stable

To: SEEWEB - Marco d'Itri <md@seeweb.it>, debian-release@lists.debian.org, security@debian.org
Subject: Re: multiple RPKI-related vulnerabilities in stable
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Tue, 30 Nov 2021 09:14:38 +0100
Message-id: <[🔎] 20211130081438.nophzcqwqtqjqnil@inutil.org>
In-reply-to: <[🔎] YaQJRegt6fITwsWF@bongo.bofh.it>
References: <[🔎] YaQJRegt6fITwsWF@bongo.bofh.it>

Hi Marco,

On Sun, Nov 28, 2021 at 11:57:09PM +0100, SEEWEB - Marco d'Itri wrote:
> https://rpki.exposed/ lists a long number of vulnerabilities affecting 

Ironically this website is unreachable since at least yesterday :-)

> It is not really practical to extract and backport all these patches, so 

Let's fix these via bullseye-security, version numbers would be:
rpki-client 7.5-1~deb11u1
fort-validator 1.5.3-1~deb11u1
cfrpki 1.4.2-1~deb11u1

Note that the dak installations on security.debian.org and ftp.debian.org
don't share tarballs, so these need to be rebuild with -sa to include the
orig tarballs in the changes file.

Cheers,
        Moritz

Reply to:

References:
- multiple RPKI-related vulnerabilities in stable
  - From: SEEWEB - Marco d'Itri <md@seeweb.it>

Prev by Date: NEW changes in stable-new
Next by Date: Bug#1000858: release.debian.org: block llvm-toolchain-9 binNMU 1:9.0.1-20+b1 from migrating to testing
Previous by thread: multiple RPKI-related vulnerabilities in stable
Next by thread: Bug#1000811: bullseye-pu: package debian-edu-doc/2.11.26+deb11u1
Index(es):
- Date
- Thread