[Pkg-salt-team] Bug#985085: plan to lower Severity

Moritz Mühlenhoff jmm at inutil.org
Tue Apr 13 16:33:17 BST 2021


Hi Federico,

Am Tue, Apr 13, 2021 at 10:27:04AM -0400 schrieb Federico Grau:
> Hello Debian Security Team,
> 
> I wanted to make sure you were aware of my findings and intents with #985085.
> Planning to lower that bug's Severity this week.
> 
>     https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985085#28

If it has been confirmed that this is SuSE-specific, then simply close it
rather than downgrading the severity, no need to keep it lingering around :-)

> While on the topic of Salt and security, Damien Norris and I have also been
> testing the published upstream patches to correct open CVEs on older Salt
> versions.  We've made good progress and are nearing the next point.  What
> avenue is available to apply these security fix patches to Debian?

For buster these would need to be against 2018.3.4, for actually getting
the update prepared, best sync up with the Salt maintainers (or join
the maintenance team), the general procedure for security updates can
be found at
https://www.debian.org/doc/manuals/developers-reference/pkgs.html#preparing-packages-to-address-security-issues

Cheers,
        Moritz



More information about the pkg-salt-team mailing list