
Bug#1051466: bookworm-pu: package ovn/23.03.1-1~deb12u1



On Tue, 19 Sep 2023 08:59:05 +0100 Luca Boccassi <bluca@debian.org> wrote:
> On Tue, 19 Sept 2023 at 08:21, Salvatore Bonaccorso <carnil@debian.org> wrote:
> >
> > Hi
> >
> > (not a SRM here, but below some comments)
> >
> > On Fri, Sep 08, 2023 at 01:32:05PM +0200, Frode Nordahl wrote:
> > > Package: release.debian.org
> > > Severity: normal
> > > Tags: bookworm
> > > User: release.debian.org@packages.debian.org
> > > Usertags: pu
> > > X-Debbugs-Cc: pkg-systemd-maintainers@lists.alioth.debian.org
> > >
> > > Dear Release Team,
> > >
> > > We would like to upload the latest stable point release of ovn 23.03
> > > to bookworm-p-u. Stable release branches are maintained upstream with
> > > the intention of providing bug fixes only and no compatibility
> > > breakages, and with automated non-trivial CI jobs that also cover
> > > Debian and Ubuntu.
> > >
> > > Debdiff attached. Packaging updated with gbp/salsa config for new
> > > bookworm stable branch and in-flight patches to fix an issue with
> > > unnecessary logging breaking one of the tests introduced in the point
> > > release.
> >
> > Your debdiff did not make it to the list I think because of the size.
> >
> > Two observations: Can you please close #1043598 in the debian/changelog
> > as well as the update addresses CVE-2023-3153.
> >
> > You would need first to make sure the fixes land in unstable unless
> > you plan to diverge and go to a new upstream version for another
> > branch. But make sure CVE-2023-3153 / #1043598 fix is included in
> > unstable as well.
> >
> > Hope this helps,
> 
> Yes this will diverge from unstable, where we have just uploaded a new
> major version.
> 
> Changelog mentions CVE and bug:
> 
> ovn (23.03.1-1~deb12u1) bookworm; urgency=medium
> 
>   * Team upload.
>   * Update upstream source from tag 'upstream/23.03.1'
>     - Add CoPP for the svc_monitor_mac. This addresses CVE-2023-3153.
>     (Closes: #1043598)
>   * d/p/*vif-plug-representor*: Lower severity of failure to set udev
>     receive buffer size (LP: #2034700).
> 
>  -- Frode Nordahl <frode.nordahl@canonical.com>  Fri, 08 Sep 2023 09:02:09 +0200

Hi,

Any update on this? We'd like to have it in 12.2 as it fixes a (minor)
CVE. Attaching link to debdiff so that it doesn't trigger the size
issue:

https://pastebin.ubuntu.com/p/wqQ9SnNcH4/

-- 
Kind regards,
Luca Boccassi
