Bug#1036123: [pre-approval] unblock: libcap2/1:2.66-4
HI Christian,
N.B. not part of the release team.
On Mon, May 15, 2023 at 09:00:30PM +0200, Christian Kastner wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: libcap2@packages.debian.org
> Control: affects -1 + src:libcap2
>
> Please unblock package libcap2
>
> This fixes two minor CVEs for which the fix was published today. The fix
> consists of cherry-picking two small patches from upstream.
>
> I'm erring on the side of caution here and asking for pre-approval, as
> the issues this fixes were considered to be minor and I'm not sure
> whether "CVE" by itself automatically satisfies the threshold for direct
> upload.
>
> [ Reason ]
> Fix for two security issues.
>
> [ Impact ]
> Without this release, users will be left vulnerable to two minor issues.
>
> [ Tests ]
> All upstream tests passed, including those requiring root (tested within
> a VM).
>
> [ Risks ]
> Little to none. The two patches are trivial.
>
> [ Checklist ]
> [X] all changes are documented in the d/changelog
> [X] I reviewed all changes and I approve them
> [X] attach debdiff against the package in testing
>
> unblock libcap2/1:2.66-4
> diff -Nru libcap2-2.66/debian/changelog libcap2-2.66/debian/changelog
> --- libcap2-2.66/debian/changelog 2022-12-21 21:19:49.000000000 +0100
> +++ libcap2-2.66/debian/changelog 2023-05-15 20:34:57.000000000 +0200
> @@ -1,3 +1,9 @@
> +libcap2 (1:2.66-4) unstable; urgency=medium
> +
> + * Apply upstream patches for CVE-2023-2602, CVE-2023-2603
> +
> + -- Christian Kastner <ckk@debian.org> Mon, 15 May 2023 20:34:57 +0200
We had I guess a small overlap in bugreporting, can you as well
include bug closer for #1036114 in your upload?
Regards,
Salvatore
Reply to: