Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a278aa25 by Sylvain Beucler at 2024-03-14T12:55:27+01:00
dla: confirm drop cinder and python-os-brick

Rationale:
- Issue is marked Minor
- No particular effort was made to fix CVE-2023-2088 in stable/oldstable since 2023-05,
- No particular effort was made in LTS either, except (untested)
  https://salsa.debian.org/lts-team/packages/python-glance-store/-/commit/186ddf92525198c1be41e0e40a576451c2a419d7
- CVE-2020-10755 was not explicitly fixed in bullseye/bookworm, but through unstable
- None of these packages are sponsored so we can't expect more focused effort in the near future

So let's keep those postponed and catch-up on future stable/oldstable updates through lts-cve-triage.py.

- - - - -

1 changed file:
- data/dla-needed.txt

Changes:
===================================== data/dla-needed.txt ===================================== @@ -51,11 +51,6 @@ cacti (Sylvain Beucler) NOTE: 20240222: Reported incomplete fix upstream (Beuc) NOTE: 20240227: Sent debdiffs for buster/bullseye/bookworm to maintainer+secteam; no news from upstream yet (Beuc) -- -cinder - NOTE: 20230525: Added by Front-Desk (lamby) - NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder. - NOTE: 20240311: CVE-2020-10755 is fixed in bullseye --- composer (rouca) NOTE: 20240209: Added by Front-Desk (utkarsh) NOTE: 20240304: Need to backport bullseye
@@ -225,11 +220,6 @@ python-asyncssh NOTE: 20240116: Added by Front-Desk (lamby) NOTE: 20240131: Patch for CVE-2023-46445 and CVE-2023-46446 backported and in Git, but one test is failing. Waiting for feedback before release. (dleidert) -- -python-os-brick - NOTE: 20230525: Added by Front-Desk (lamby) - NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder. - NOTE: 20240311: Reverted decision to remove from this file since CVE-2020-10755 is fixed in bullseye. --- rails NOTE: 20220909: Re-added due to regression (abhijith) NOTE: 20220909: Regression on 2:5.2.2.1+dfsg-1+deb10u4 (abhijith)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a278aa253c0ee95020cb9cf3ad4486c4c3649541
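
Review bot: The removed cinder block (first hunk, @@ -51,11 +51,6 @@) carried a 20240311 note stating that CVE-2020-10755 is fixed in bullseye, while the commit message says it was not explicitly fixed in bullseye/bookworm but through unstable, so the entry is dropped with that discrepancy unresolved. The same block was also the in-file pointer that CVE-2023-2088 spans python-glance-store, python-os-brick, nova and cinder. Suggest confirming that both CVEs carry a postponed state with a one-line reason for the LTS release before this entry goes, so that lts-cve-triage.py can resurface them as the commit message intends.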
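
Review bot: The decision trail for python-os-brick (second hunk, @@ -225,11 +220,6 @@) is lost with this removal. The deleted 20240311 line recorded that an earlier removal had been reverted, and the entry is now removed again three days later with the reasoning kept only in the commit message. Suggest leaving a short dated note where Front-Desk will see it, so the package is not re-added on the same grounds. It is also worth checking that any nova and python-glance-store entries, named in the same CVE-2023-2088 note, are handled consistently, since these hunks do not show them.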