>I have not seen this recommendation, do you have a link? It is from Debian wiki
https://wiki.debian.org/ZFS 2024-01-12, pn, 14:08 Jan Ingvoldstad <frett...@gmail.com> rašė: > > > On Wed, Jan 10, 2024 at 10:48 PM Xiyue Deng <manp...@gmail.com> wrote: >> >> >> You can check the developer page of zfs-linux[1] on which the "action >> needed" section has information about security issues (along with >> version info as Gareth posted). The one you mentioned was being tracked >> in [2] and the corresponding Debian bug is [3]. My guess is that as >> zfs-linux is not in "main" but "contrib", and the issue is marked >> "no-dsa" (see [4]), there may be no urgency to provide a stable update. >> But you may send a follow up in the tracking bug and ask for >> clarification from the maintainers on whether an (old)stable-update is >> desired. > > > Thanks, so it *was* my searching skills that failed me: > > "The fix will land in bookworm-backports and bullseye-backports-sloppy > shortly after 2.1.14-1 migrates to testing, which will take about 2 > days hopefully. Fixes to 2.0.3-9+deb11u1 (bullseye) and 2.1.11-1 > (bookworm) are planned but will likely take more time." > > I think the bug is mislabeled as "security" and "important", as this is > primarily a severe data corruption bug, but with *possible* security > implications. > > It is far more concerning that one cannot trust that cp actually copies a > file, and this is a blocker for installing the ZFS packages in Debian. > > -- > Jan
