[Pkg-salt-team] Bug#985085: plan to lower Severity

Federico Grau donfede at casagrau.org
Tue Apr 13 15:27:04 BST 2021


Hello Debian Security Team,

I wanted to make sure you were aware of my findings and intents with #985085.
Planning to lower that bug's Severity this week.

    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985085#28



While on the topic of Salt and security, Damien Norris and I have also been
testing the published upstream patches to correct open CVEs on older Salt
versions.  We've made good progress and are nearing the next point.  What
avenue is available to apply these security fix patches to Debian?

    https://security-tracker.debian.org/tracker/source-package/salt

    # upstream fixes for older CVE
    https://gitlab.com/saltstack/open/salt-patches


regards,
donfede


On Mon, Apr 12, 2021 at 08:05:11PM -0400, Federico Grau wrote:
> Fully recognizing we all must balance multiple priorities, I'm still waiting
> to hear back from active Salt maintainer(s) to progress closing this bug.
> 
> Until the bug can properly be closed and given these CVE bugs do not apply to
> Debian, with the goal of preventing Salt from being autoremoved from the next
> Debian release Bullseye circa 2021-April-27, I intend to lower the Severity of
> this bug (#985085) later this week (e.g. current Grave to Minor).
> 
> respectfully,
> donfede
> 
> 
> # BTS closing policy
> https://www.debian.org/Bugs/Developer#closing
> 
> # BTS severity descriptions
> https://www.debian.org/Bugs/Developer#severities
> 
> # Salt Team ML and archive
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-salt-team
> 
> 





-- 
I choose information and knowledge over profit.
