1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Re: bullseye-pu: package json-smart/2.2-2+deb11u1

    From Bastien =?ISO-8859-1?Q?Roucari=E8s?@21:1/5 to All on Sat Apr 13 14:01:09 2024
    XPost: linux.debian.devel.release
    Copy: 1068694@bugs.debian.org

    Le samedi 13 avril 2024, 14:00:00 UTC Moritz Mühlenhoff a écrit :
    Hi,

    Am Tue, Apr 09, 2024 at 10:01:11AM +0200 schrieb Andreas Beckmann:
    Package: release.debian.org
    Severity: normal
    Tags: bullseye
    User: release.debian.org@packages.debian.org
    Usertags: pu
    X-Debbugs-Cc: Bastien Roucariès <rouca@debian.org>
    Control: affects -1 + src:json-smart
    Control: block 1039985 with -1
    Control: block 1033474 with -1

    [ Reason ]
    Two CVEs were fixed in buster-lts, but not yet in bullseye or later, causing version skew on upgrades:

    CVE-2023-1370 / #1033474 is unfixed in sid, and being fixed in unstable
    is a pre condition for a point update.

    Bastien, since you fixed it in buster-lts, can you please also take care
    of addressing unstable?


    Ok will do

    Cheers,
    Moritz



    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmYakCUACgkQADoaLapB CF9xdg/+O8BZRZczjQNEOy0ZsOpk9D8iRMvegv1w2fgtuCZb8dPIb+D9ccV/c4gA XKFhGI3sAgTOypUXYBiV5ZXCFE6twLAU+AKWwKFIvvMB4ufSLIBM6rzkbap96pwT 0wZuipxdDvKDWUUZEcs0V4zCoqLa4L8yTuqSgJ3n02rywsr+TQiwwl/stdRpINDW MgTXMjQbP/Gh1fEiU0dhAppQ0TAVGttwL/Av7379Xzsh9ScW72X8UPo8mmRZ6h9j 74Zpr+I8L8vfwtUmkzMvZADJzJ5hUOqU39MAZ1h2mGHl8b16HTXAfQIDDeq1jU1F F4scfPWllcNsmJPu4t2Mu0TZAcfZQOAqPkoP18AQYIHxX0xBNNRdaq/3VtqP1jR1 PiHL4TXNP/GdpZMH+zIKALzUoseKpkKL3QEM7gOeCAEPlimfOSGiFbin281bW1S2 B11gUnILztNj7P6f0EvVr3EgUviwQ3MonvZJGxCnD+n8NwW4a3p+SqtlCfnmBGrL GTzWGs8ge+lpB1cS7HqiYRyxjFdhpChqz4fW88t7NeC+b3xU4XHyez9CXuh4DRLB hxuORqqKsApHpBzlnCPVO9ApN5PR/uQUHYd8BBpE9Ptwm/7M7F8on6ZTPcTlhK9k +2aRH8IMII6Fl8qV7IsscP2Oi/9WIw+345m1Dwr4IZNuX/zkkGM=
    =dcQh
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Bastien =?ISO-8859-1?Q?Roucari=E8s?@21:1/5 to All on Sat Apr 13 19:54:04 2024
    XPost: linux.debian.devel.release
    Copy: 1068694@bugs.debian.org

    Le samedi 13 avril 2024, 14:01:24 UTC Bastien Roucariès a écrit :
    Le samedi 13 avril 2024, 14:00:00 UTC Moritz Mühlenhoff a écrit :
    Hi,

    Am Tue, Apr 09, 2024 at 10:01:11AM +0200 schrieb Andreas Beckmann:
    Package: release.debian.org
    Severity: normal
    Tags: bullseye
    User: release.debian.org@packages.debian.org
    Usertags: pu
    X-Debbugs-Cc: Bastien Roucariès <rouca@debian.org>
    Control: affects -1 + src:json-smart
    Control: block 1039985 with -1
    Control: block 1033474 with -1

    [ Reason ]
    Two CVEs were fixed in buster-lts, but not yet in bullseye or later, causing version skew on upgrades:

    CVE-2023-1370 / #1033474 is unfixed in sid, and being fixed in unstable
    is a pre condition for a point update.

    Bastien, since you fixed it in buster-lts, can you please also take care
    of addressing unstable?

    Done


    Ok will do

    Cheers,
    Moritz





    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmYa4twACgkQADoaLapB CF9MqA/+N2TMFPt5qHvgxbCbJows5IoL2ozKUmwue+7mAAe2bnWkqQksxRYIItc0 /7qI6NbkM28lF4xSnMwY4SyHLaywULk6Oug55/2bRtU2VqiMkjlmevPm+U8whWgW Ip4AizgKLuSkr9iXWsTl0s7JL/TRSCQe8wbEYjldXmjCzmfjpUEkHn4RDNZPWRhE RLXFiMlykA8eTeXUvInCDTBnpAc9KaKY3OTol7kNWAk5O/BWyUxtEllP49ljODGj skUQOTFBhszrM4n9aJ/VvBIXZJJJO6mmndrcLoBr47qcZvZKI3v0aqx7lZiqjzNo bBSrfHwQ1qlLOyvGD1Z09HdEOiabwDg7eB4HlBkadFt+yyoPPKxLI38+hgvGFjf1 Y8xoI0UYs/yajcFTeIiiN1Jcshy30tfDZVZUJNIasOhwAYGrMi2Fz+ZBLmXw3U8T ztPreVlnIN99P4z6w+pKdbiJAY4amq+1Qo9AaSG1RuR/jNNE2AGZvIZKX2AC0LYm tGyyOZ3W+eFYRC1HU1ESIufVACVRFoZpU0oUtFW5Am5Jy3z3FzniU9/tQN1WUgZg ypjdWCqBcVqewQnYoIqL+tP4qBDI8ioTLHifdUYdNpona2Z7dqyDCctPcpQR9CKr ZCKZUf5k54AluEsgd4r7THBi0Km1NG4q5f1xZjEkLXZamjHAZzw=
    =VXbf
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)