Bug#1036453: unblock: libvirt/9.0.0-4
Hi Andrea,
On Sun, May 21, 2023 at 12:37:17PM +0200, Andrea Bolognani wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: libvirt@packages.debian.org
> Control: affects -1 + src:libvirt
>
> Please unblock package libvirt
>
>
> [ Reason ]
>
> Fix CVE-2023-2700.
>
>
> [ Impact ]
>
> Fix CVE-2023-2700.
>
>
> [ Tests ]
>
> I haven't found tests covering this specific functionality. However,
> the change is part of libvirt 9.3.0, which is already in Debian
> experimental as well as other distributions such as Fedora, and to
> the best of my knowledge no issues with it have been reported.
>
>
> [ Risks ]
>
> The change has already been reviewed and accepted upstream. The
> function being patched hasn't changed between 9.0.0 and 9.3.0, so the
> backport was a clean one. I have reviewed the changes again in the
> context of the Debian package.
>
>
> [ Checklist ]
>
> [x] all changes are documented in the d/changelog
> [x] I reviewed all changes and I approve them
> [x] attach debdiff against the package in testing
>
>
> [ Other info ]
>
> N/A
>
>
> unblock libvirt/9.0.0-4
I think in this case you can take advantage of
https://release.debian.org/testing/freeze_policy.html#full
in "Applying for an unblock", item 5, as the diff is very small and
targeted to add the missing g_free, you could upload already to
unstable to avoid the additional roundtrip (in particular as the hard
deadlines are approaching).
Hope this helps,
Regards,
Salvatore