On Tue, 2023-09-19 at 08:59 +0100, Luca Boccassi wrote: > On Tue, 19 Sept 2023 at 08:21, Salvatore Bonaccorso < > car...@debian.org> wrote: [...] > > Two obervations: Can you please close #1043598 in the > > debian/changelog as well as the update addresses CVE-2023-3153. [...] > Changelog mentions CVE and bug: > > ovn (23.03.1-1~deb12u1) bookworm; urgency=medium > > * Team upload. > * Update upstream source from tag 'upstream/23.03.1' > - Add CoPP for the svc_monitor_mac. This addresses CVE-2023-3153. > (Closes: #1043598) > * d/p/*vif-plug-representor*: Lower severity of failure to set udev > receive buffer size (LP: #2034700). >
In fact, the debdiff that was attached to the request does not contain that bug closure: + * Team upload. + * Update upstream source from tag 'upstream/23.03.1' + - Add CoPP for the svc_monitor_mac. This addresses CVE-2023-3153. + * d/p/*vif-plug-representor*: Lower severity of failure to set udev + receive buffer size (LP: #2034700). Is it not the correct debdiff? Regards, Adam
