[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Vulnerable git in bullseye - what's the process?

On Sat, 28 Jan 2023 at 03:56, Tixy <tixy@yxit.co.uk> wrote:
> On Fri, 2023-01-27 at 11:28 +0000, Brad Rogers wrote:
> > On Fri, 27 Jan 2023 11:36:12 +0100 "Sijmen J. Mulder" <ik@sjmulder.nl> wrote:

> > > I was surprised to find that the recent git vulnerability hasn't yet
> > > been addressed in Bullseye:

> > > https://security-tracker.debian.org/tracker/CVE-2022-41903

> > The security-tracker CVE page you cited has links to all the
> > information you requested.

> Does it? It links to a bug which says it's been fixed in sid. And the
> PTS shows it was fixed yesterday in old-stable and sid. But no sign I
> can see that anything is being done for stable (Bullseye) which is what
> Sijmen asked about. (I wouldn't know where to look for stable security
> update activity).

Announcement today regarding Stable (Bullseye) distribution:
  https://lists.debian.org/debian-security-announce/2023/msg00022.html
Reply to: