Bug#1051466: bookworm-pu: package ovn/23.03.1-1~deb12u1
On Tue, 19 Sept 2023 at 08:21, Salvatore Bonaccorso <carnil@debian.org> wrote:
>
> Hi
>
> (not a SRM here, but below some comments)
>
> On Fri, Sep 08, 2023 at 01:32:05PM +0200, Frode Nordahl wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: bookworm
> > User: release.debian.org@packages.debian.org
> > Usertags: pu
> > X-Debbugs-Cc: pkg-systemd-maintainers@lists.alioth.debian.org
> >
> > Dear Release Team,
> >
> > We would like to upload the latest stable point release of ovn 23.03
> > to bookworm-p-u. Stable release branches are maintained upstream with
> > the intention of providing bug fixes only and no compatibility
> > breakages, and with automated non-trivial CI jobs that also cover
> > Debian and Ubuntu.
> >
> > Debdiff attached. Packaging updated with gbp/salsa config for new
> > bookworm stable branch and in-flight patches to fix an issue with
> > unnecessary logging breaking one of the tests introduced in the point
> > release.
>
> Your debdiff did not make it to the list I think because of the size.
>
> Two obervations: Can you please close #1043598 in the debian/changelog
> as well as the update addresses CVE-2023-3153.
>
> You would need first to make sure the fixes land in unstable unless
> you plan to diverge and go to a new upstream version for another
> branch. But make sure CVE-2023-3153 / #1043598 fix is included in
> usntable as well.
>
> Hope this helps,
Yes this will diverge from unstable, where we have just uploaded a new
major version.
Changelog mentions CVE and bug:
ovn (23.03.1-1~deb12u1) bookworm; urgency=medium
* Team upload.
* Update upstream source from tag 'upstream/23.03.1'
- Add CoPP for the svc_monitor_mac. This addresses CVE-2023-3153.
(Closes: #1043598)
* d/p/*vif-plug-representor*: Lower severity of failure to set udev
receive buffer size (LP: #2034700).
-- Frode Nordahl <frode.nordahl@canonical.com> Fri, 08 Sep 2023 09:02:09 +0200
Reply to: