[Pkg-xen-devel] Bug#1021668: Bug#1021668: xen: CVE-2022-33749 CVE-2022-33748 CVE-2022-33747 CVE-2022-33746
Hans van Kranenburg
hans at knorrie.org
Wed Oct 19 20:49:12 BST 2022
Hi,
On 18/10/2022 22:31, Moritz Muehlenhoff wrote:
> On Tue, Oct 18, 2022 at 02:17:32PM +0200, Hans van Kranenburg wrote:
>> Does explicitly opening a BTS bug mean that, like we use to call it,
>> "these CVEs warrant a DSA",
>
> No, in general we aim to file bugs for any open CVEs regardless of
> the DSA state. This allows people to see that an issue is known
> (and some maintainers might also not have noticed in time).
Ok!
>> and that it is a request for an ASAP package
>> update and preparing a security update for stable, or, is this a new
>> thing where BTS bugs are opened for packages, just in case the
>> maintainer did not already track security issues themselves actively?
>
> For the latest set of Xen issues my estimate is that we can postpone
> them until the next batch, they seem all of moderate/limited impact.
> But let me know if you think otherwise.
I agree. Let's do them together with the new stuff that's planned for
Nov 1st, https://xenbits.xen.org/xsa/
Hans
More information about the Pkg-xen-devel
mailing list