Hi Moritz,
Thanks for CC'ing.
On Thu, Feb 25, 2021 at 08:01:42PM +0100, Moritz Mühlenhoff wrote:
> Am Thu, Feb 25, 2021 at 05:30:05PM +0100 schrieb Sylvain Beucler:
> > - This problem is similar/related to tracking embedded code copies.
> > See https://salsa.debian.org/lts-team/lts-extra-tasks/
On Thu, Feb 25, 2021 at 10:41 PM Ola Lundqvist wrote:
> Finding embedded code copies is harder.
There are some useful strategies for that listed on the wiki:
https://wiki.debian.org/EmbeddedCopies
Probably `apt-file search -I dsc` and the various code searching
services (sources.d.o hashes/ctag
Hi
I think related packages is fairly easy to automate. I wrote a small script
that takes a line-separated list of packages on standard input and
outputs which packages are (likely) related.
Here is an example usage:
ola@tigereye:~$ cat stretch-packages.txt | sort -u | ./find-related-source
Great! Thank you all for the good answers.
// Ola
On Thu, 25 Feb 2021 at 10:53, Salvatore Bonaccorso
wrote:
> Hi,
>
> On Thu, Feb 25, 2021 at 09:09:08AM +, Chris Lamb wrote:
> > Morning Ola,
> >
> > > Today I looked at CVE-2020-36193 since we have php-pear in dla-needed.
> > > The thing is
Am Thu, Feb 25, 2021 at 05:30:05PM +0100 schrieb Sylvain Beucler:
> - This problem is similar/related to tracking embedded code copies.
> See https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/2
> With one difference: there's no reference source package.
Not really, embedded code copi
Hi,
During today's meeting we discussed how to track CVEs in related
source packages. For instance unbound vs. unbound-1.9, or golang
(ELTS) vs. golang-1.7/golang-1.8 (LTS) vs. golang-1.11.
We may miss/delay affected packages due to this, unless the front-desk
is already aware of all related pac
On 25/02/2021 10:09, Chris Lamb wrote:
Morning Ola,
Today I looked at CVE-2020-36193 since we have php-pear in dla-needed.
The thing is that this CVE tells that drupal7 is also vulnerable but
drupal7 is not in dla-needed.txt.
It may be that drupal7 was not marked as being vulnerable to
CVE-20
Hi,
On Thu, Feb 25, 2021 at 09:09:08AM +, Chris Lamb wrote:
> Morning Ola,
>
> > Today I looked at CVE-2020-36193 since we have php-pear in dla-needed.
> > The thing is that this CVE tells that drupal7 is also vulnerable but
> > drupal7 is not in dla-needed.txt.
>
> It may be that drupal7 wa
Morning Ola,
> Today I looked at CVE-2020-36193 since we have php-pear in dla-needed.
> The thing is that this CVE tells that drupal7 is also vulnerable but
> drupal7 is not in dla-needed.txt.
It may be that drupal7 was not marked as being vulnerable to
CVE-2020-36193 at the time of triage. After
Hi Chris
Today I looked at CVE-2020-36193 since we have php-pear in dla-needed.
The thing is that this CVE tells that drupal7 is also vulnerable but
drupal7 is not in dla-needed.txt.
Is there any specific reason for this?
I guess there is, like drupal7 impact was realized later, or lack of time
f