Jan Ingvoldstad <frett...@gmail.com> writes: > Hi, > > It seems that Bookworm's zfs-dkms package (from contrib) has the data > corruption bug that was fixed with OpenZFS 2.1.14 (and 2.2.2) on 2023-11-30. > > https://github.com/openzfs/zfs/releases/tag/zfs-2.1.14 > > However, I see no relevant bug report in the bug tracker - have my > searching skills failed?
You can check the developer page of zfs-linux[1] on which the "action needed" section has information about security issues (along with version info as Gareth posted). The one you mentioned was being tracked in [2] and the corresponding Debian bug is [3]. My guess is that as zfs-linux is not in "main" but "contrib", and the issue is marked "no-dsa" (see [4]), there may be no urgency to provide a stable update. But you may send a follow up in the tracking bug and ask for clarification from the maintainers on whether an (old)stable-update is desired. [1] https://tracker.debian.org/pkg/zfs-linux [2] https://security-tracker.debian.org/tracker/CVE-2023-49298 [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056752 [4] https://security-team.debian.org/security_tracker.html#issues-not-warranting-a-security-advisory -- Xiyue Deng
