Hello Daniel,

>> Please let me know if you'd like me to change anything (here or on
>> #debian-lts), or if I can proceed to upload.

I've taken a look at the proposed package and compared it with the 4 CVEs marked as outstanding against the ceph package currently in LTS.

 * CVE-2023-43040: This is the RGW-related one you believe is not valid/applicable for LTS, right?

 * CVE-2022-3650: I don't see the relevant changes for this CVE in the proposed package.

 * CVE-2022-0670: Ditto this one.

 * CVE-2022-0670: ... and this one also.

What am I missing? :-)

§

Separate to that, just to note that the debdiff is quite substantial:

  https://people.debian.org/~lamby/debdiff-ceph.txt.xz

I'm guessing, however, that ceph is perhaps one of those packages where uploading the point release is still going to be better than trying to individually patch it.

Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org 🍥 chris-lamb.co.uk
       `-