Bug#968311: gnome-shell in stretch/buster as not affected by CVE-2020-17489
Simon McVittie
smcv at debian.org
Sat Aug 29 11:47:00 BST 2020
On Sat, 29 Aug 2020 at 10:16:28 +0000, Mike Gabriel wrote:
> here is a summary of what we discussed on IRC.
>
> * gnome-shell in stretch+buster reveal password length
> * CVE-2020-17489/buster -> bach to <no-dsa> (fix via buster-pu)
> * CVE-2020-17489/stretch -> back to "vulnerable" (fix via LTS in prep)
>
> @smcv: please let me know if you are ok with me uploading to buster-pu or if
> you'd rather like to have a .debdiff.
Thanks for looking into this. If you wouldn't mind
sending a debdiff to this bug (or a merge request to
https://salsa.debian.org/gnome-team/gnome-shell/-/tree/debian/buster,
your choice), it's probably best for someone from the GNOME team to have
the opportunity to check it before uploading to buster-pu - there's no
date planned for Debian 10.6 yet, so we're not on a tight schedule for
-pu uploads.
Thanks,
smcv
More information about the pkg-gnome-maintainers
mailing list