Inquiry on Bullseye and https://security-tracker.debian.org/tracker/CVE-2019-8457

To: debian-security@lists.debian.org
Subject: Inquiry on Bullseye and https://security-tracker.debian.org/tracker/CVE-2019-8457
From: Chris Penalver <christopher.m.penalver@gmail.com>
Date: Fri, 26 Aug 2022 05:02:55 -0400
Message-id: <[🔎] 7920faf4-8ad1-4e2d-25fe-a315039c4bbe@gmail.com>

Hi Debian Security Team,

I am inquiring on Debian Bullseye as it relates to:

https://security-tracker.debian.org/tracker/CVE-2019-8457

Specifically, it is noted the team has put in a good faith effort inanalyzing the feasibility of backporting relevant patches to Bullseye,and classifying the urgency of such effort. My read of this so far isthat it's a debug mode only exposure, normally disabled in production(by default).

With that said, for those environment who are using Bullseye, outside ofthe amount of changes required for the backport, is there any technical'gotchas' or further advice the team could provide for those who areconsidering a self-maintain of relevant patches from bookworm / sid intoBullseye while the discussion continues on this?


Thanks!

- Chris Peñalver

christopher.m.penalver@gmail.com

Reply to:

Prev by Date: Questions concerning Debian's security feed
Previous by thread: Questions concerning Debian's security feed
Index(es):
- Date
- Thread