[pkg-cryptsetup-devel] Security issue (CVE-2021-4122) in cryptsetup 2:2.3.5-1

Yves-Alexis Perez corsac at debian.org
Wed Feb 9 11:05:48 GMT 2022


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Wed, 2022-02-09 at 09:47 +0100, Guilhem Moulin wrote:
> 
> So should I upload 2:2.3.7-1+deb11u1 to security-master? :-)  The
> debdiff boils down to upstream's v2.3.5...v2.3.7 plus d/changelog and
> some paperwork (d/gbp.conf, d/salsa-ci.yml) to prep the new branch.

Hi Guilhem, sorry (again) for the delay. Yes I think it's fine. I also got
some feedback from Moritz on irc and he added a good point: with a specific
DSA update it's possible to alert people on the changes, both in a NEWS.Debian
(which I think would be a good idea anyway) and in the DSA text itself. While
when the people update their whole distribution, the change might be a bit
lost in the releases notes with a lot of similar changes. So in a way it gets
a bit more exposure.

Regards,
- -- 
Yves-Alexis
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmIDoA0ACgkQ3rYcyPpX
RFtsTgf/fyvfjyriQCq+GyZEcAWKIx/kTk/UKJ6dMArrboiNM3NcWcBk+UbBl5tF
jDOPAP2kjD2GWvY5/rGSGGd88xPLi2yaIlFmzOLLPmolGsb7ZYtaFMs9I2cfkplO
H+ElyuSVpQG092XJgPQCftQs7eypjDNVLuoQ0j+3t6AY6f9Mcgvg3objE0tdXzRR
yNOsAgLCvqwuJOqRtKFvG8o7E8tdY/9ZHNqNG6M9huUChNI/jJ2hVP46G3LuR/f3
GLakaxuRBYL7Pks8vM9sTMa0rN3N/0gVlxXnFcVN7Rp3/P2w5umJ8U0J+Yi49mwm
SxxQoihQTFj3dqKXuKNsm2n503t7oQ==
=7jDv
-----END PGP SIGNATURE-----



More information about the pkg-cryptsetup-devel mailing list