Hi Cyril, Paul,

On Fri, May 28, 2021 at 10:54:32AM +0200, Salvatore Bonaccorso wrote:
> Control: retitle -1 unblock: linux/5.10.40-1
>
> Hi Paul, hi Cyril,
>
> On Thu, May 27, 2021 at 11:04:14AM +0200, Cyril Brulebois wrote:
> > Paul Gevers <elb...@debian.org> (2021-05-27):
> > > Control: tags -1 confirmed d-i
> > >
> > > @boot: needs d-i ACK. As I believe you are aware of, the upload has
> > > already happened.
> > >
> > > @kibi: feel free to age it if/when you see fit
> >
> > We've just discussed that (with Salvatore) on IRC minutes ago, and it
> > seems like this unblock request will be withdrawn/recycled for another
> > version, that version needs fixing.
>
> So let's give some background. Whilst it would have been good to
> finally move linux/5.10.38-1 to testing because it contained many
> needed bugfixes and in particular as well the CVE fixes for the bpf
> issues, doing so would have introduced the worse bpf issue
> CVE-2021-33200.
>
> Cf. https://www.openwall.com/lists/oss-security/2021/05/27/1
>
> I uploaded now 5.10.40-1 which contains those fixes for CVE-2021-33200
> in the upload, we should ensure those fixes go into bullseye.
>
> Assuming we notice no issues with that upload, once Cyril is fine with
> it as well from d-i perspective, please let it migrate to bullseye.

The version is not 4 days in unstable, looks good to me to let it
migrate to testing (unless Cyril spotted issues in recent d-i tests).

The FragAttack CVE fixes were now queued upstream as well for the
stable series, so I expect I can followup soon with a follow up for
those as well "soonish". But we should first let 5.10.40-1 enter
bullseye in any case.

Thanks all for your work!

Regards,
Salvatore