[Pkg-xen-devel] Bug#1021668: Bug#1021668: xen: CVE-2022-33749 CVE-2022-33748 CVE-2022-33747 CVE-2022-33746
Hans van Kranenburg
hans at knorrie.org
Tue Oct 18 13:17:32 BST 2022
Hi!
On 10/12/22 19:38, Moritz Mühlenhoff wrote:
> Source: xen
> X-Debbugs-CC: team at security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerabilities were published for xen.
>
> CVE-[...]
Thanks for the overview. The XAPI one indeed does not apply to src:xen.
I have a question, since the 'bug' report does not contain a question,
or explicit call for action, and I have not seen it in this way before.
Does explicitly opening a BTS bug mean that, like we use to call it,
"these CVEs warrant a DSA", and that it is a request for an ASAP package
update and preparing a security update for stable, or, is this a new
thing where BTS bugs are opened for packages, just in case the
maintainer did not already track security issues themselves actively?
I'm just wondering...
Thanks,
Hans
More information about the Pkg-xen-devel
mailing list