On Fri, Dec 06, 2024 at 10:10:19PM -0500, Roberto C. Sánchez wrote: > The Security Team has supplied a list of packages/CVEs which were fixed > by DLA (some in bullseye and some in buster) but which remain unfixed in > bookworm (and which are tagged no-dsa, indicating that the Security Team > has no immediate plans to address them). > > Based on this information, I have created issues in Salsa (in the > lts-team/lts-updates-tasks project) to track necessary updates. > Depending on the specific package and CVEs, some only require > coordination with SRM and the maintainer for a proposed-update to fix > the applicable CVEs, while others require a bullseye DLA, and a few > require both. [...]
that's awesome, thank you!
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
First they ignore you, then they laugh at you, and then it's too late.
Don't look up!
signature.asc
Description: PGP signature
