[Pkg-xen-devel] Bug#1021668: Bug#1021668: xen: CVE-2022-33749 CVE-2022-33748 CVE-2022-33747 CVE-2022-33746

Moritz Muehlenhoff jmm at inutil.org
Tue Oct 18 21:31:55 BST 2022


On Tue, Oct 18, 2022 at 02:17:32PM +0200, Hans van Kranenburg wrote:
> Does explicitly opening a BTS bug mean that, like we use to call it,
> "these CVEs warrant a DSA",

No, in general we aim to file bugs for any open CVEs regardless of
the DSA state. This allows people to see that an issue is known
(and some maintainers might also not have noticed in time).

> and that it is a request for an ASAP package
> update and preparing a security update for stable, or, is this a new
> thing where BTS bugs are opened for packages, just in case the
> maintainer did not already track security issues themselves actively?

For the latest set of Xen issues my estimate is that we can postpone
them until the next batch, they seem all of moderate/limited impact.
But let me know if you think otherwise.

Cheers,
        Moritz


