[Pkg-salt-team] Bug#985085: plan to lower Severity

Damien Norris damien at cantrusthosting.coop
Tue Apr 13 17:01:36 BST 2021


Hi Moritz, thank you for your help with getting #985085 closed.

> the general procedure for security updates can
> be found at https://www.debian.org/doc/manuals/developers-reference/pkgs.html#preparing-packages-to-address-security-issues

FYI I believe we're close to having all these requirements done for both 
buster and stretch!

Upstream provided backported security patches for these 10 CVE's for 
both stable/oldsable versions (2018.3 and 2016.11) and I have both of 
these working as Debian package builds now.

I'm testing in my prod environment this week, plus there's explicit 
testing that can be cone against the CVE's (especially the bad one, 
CVE-2020-28243) that should be done.

But then it should be ready for review and hopefully upload on both 
fronts, within the next week hopefully.

-- 

damienvancouver






More information about the pkg-salt-team mailing list