[pkg-cryptsetup-devel] Security issue (CVE-2021-4122) in cryptsetup 2:2.3.5-1
Guilhem Moulin
guilhem at debian.org
Wed Feb 9 12:42:13 GMT 2022
Hi corsac,
On Wed, 09 Feb 2022 at 12:05:48 +0100, Yves-Alexis Perez wrote:
> On Wed, 2022-02-09 at 09:47 +0100, Guilhem Moulin wrote:
>> So should I upload 2:2.3.7-1+deb11u1 to security-master? :-) The
>> debdiff boils down to upstream's v2.3.5...v2.3.7 plus d/changelog and
>> some paperwork (d/gbp.conf, d/salsa-ci.yml) to prep the new branch.
>
> Hi Guilhem, sorry (again) for the delay. Yes I think it's fine. I also got
> some feedback from Moritz on irc and he added a good point: with a specific
> DSA update it's possible to alert people on the changes, both in a NEWS.Debian
> (which I think would be a good idea anyway) and in the DSA text itself. While
> when the people update their whole distribution, the change might be a bit
> lost in the releases notes with a lot of similar changes. So in a way it gets
> a bit more exposure.
Ah cool, thanks for the info and suggestion! I therefore added a
NEWS.Debian entry and uploaded the resulting source-only .changes to
security-master.
Cheers
--
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-cryptsetup-devel/attachments/20220209/52271543/attachment.sig>
More information about the pkg-cryptsetup-devel
mailing list