[Git][security-tracker-team/security-tracker][master] dla: confirm drop cinder and python-os-brick
Sylvain Beucler (@beuc)
beuc at debian.org
Thu Mar 14 12:00:15 GMT 2024
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a278aa25 by Sylvain Beucler at 2024-03-14T12:55:27+01:00
dla: confirm drop cinder and python-os-brick
Rationale:
- Issue is marked Minor
- No particular effort was made to fix CVE-2023-2088 in stable/oldstable since 2023-05
- No particular effort was made in LTS either, except (untested)
https://salsa.debian.org/lts-team/packages/python-glance-store/-/commit/186ddf92525198c1be41e0e40a576451c2a419d7
- CVE-2020-10755 was not explicitly fixed in bullseye/bookworm, but through unstable
- None of these packages are sponsored so we can't expect more focused effort in the near future
So let's keep those postponed and catch up on future stable/oldstable updates through lts-cve-triage.py.
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=====================================
data/dla-needed.txt
=====================================
@@ -51,11 +51,6 @@ cacti (Sylvain Beucler)
NOTE: 20240222: Reported incomplete fix upstream (Beuc)
NOTE: 20240227: Sent debdiffs for buster/bullseye/bookworm to maintainer+secteam; no news from upstream yet (Beuc)
--
-cinder
- NOTE: 20230525: Added by Front-Desk (lamby)
- NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder.
- NOTE: 20240311: CVE-2020-10755 is fixed in bullseye
---
composer (rouca)
NOTE: 20240209: Added by Front-Desk (utkarsh)
NOTE: 20240304: Need to backport bullseye
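Review bot: the removed cinder block carried the only note in this hunk that CVE-2023-2088 is also filed against python-glance-store, python-os-brick and nova, and the commit touches data/dla-needed.txt alone, so nothing visible here shows that the issue is actually recorded as postponed for cinder. Because the commit message relies on lts-cve-triage.py to catch up on later stable/oldstable updates, confirm that the postponed state already exists in the tracker's CVE data for the LTS release before dropping the entry, and mention that in the commit message so the removal can be audited from the log alone.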
@@ -225,11 +220,6 @@ python-asyncssh
NOTE: 20240116: Added by Front-Desk (lamby)
NOTE: 20240131: Patch for CVE-2023-46445 and CVE-2023-46446 backported and in Git, but one test is failing. Waiting for feedback before release. (dleidert)
--
-python-os-brick
- NOTE: 20230525: Added by Front-Desk (lamby)
- NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder.
- NOTE: 20240311: Reverted decision to remove from this file since CVE-2020-10755 is fixed in bullseye.
---
rails
NOTE: 20220909: Re-added due to regression (abhijith)
NOTE: 20220909: Regression on 2:5.2.2.1+dfsg-1+deb10u4 (abhijith)
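Review bot: the removed python-os-brick note dated 20240311 records a reverted decision to remove this entry, and this hunk removes it again three days later with the reasoning kept only in the commit message. That note says CVE-2020-10755 "is fixed in bullseye", while the commit message says it was not explicitly fixed in bullseye/bookworm but through unstable; it would help to reconcile the two statements where the postponed status is recorded, so the next front-desk pass does not re-add the package on the same grounds. The same note lists python-glance-store and nova as affected by CVE-2023-2088, and neither appears in this diff, so please check that their triage state is consistent with the drop of cinder and python-os-brick.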
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a278aa253c0ee95020cb9cf3ad4486c4c3649541