Hi Thomas,
On 11/09/2022 12:50, Thomas Goirand wrote:
Hi,
In the OpenStack team git, there are updates for nova 2:18.1.0-6+deb10u1
(CVE-2019-14433/ OSSA-2019-003). Can someone pick it up and upload it to Buster?
It was never accepted in Buster due to the difficulties communicating with the
Stable release team (too slow response, etc. that leads to /me giving up...).
Though IMO, it'd be a very good candidate for buster LTS.
The latest Buster version is in the debian/rocky branch at:
https://salsa.debian.org/openstack-team/services/nova/
How to proceed? Can I simply upload the normal way? IS there a 3rd party peer
reviewing accepting / rejecting uploads for LTS?
I have taken a look at the package, and am a bit unease at the debconf changes,
as I'm not particularly well versed in that front. I have done some piuparts
testing, and at least that works well, though that's non-interactive so perhaps
it's not fully testing that part. However given that you have tested that change
(as well as the others) and that the changes are in bullseye, I think we can go
ahead with it. Please upload a _source.changes to security-master targeting
buster-security, and I can help or take care of the paperwork.
Cheers,
Emilio
