On Mon, Mar 31, 2025 at 04:20:08PM +0100, Chris Lamb wrote:
> Adrian Bunk wrote:
>
> > It would make sense if the same person fixes the CVEs in all copies of
> > the bson code in all releases.
>
> Indeed it would. If someone has a connection or history with any of
> these packages already, I'd b
Adrian Bunk wrote:
> It would make sense if the same person fixes the CVEs in all copies of
> the bson code in all releases.
Indeed it would. If someone has a connection or history with any of
these packages already, I'd be more than happy to relinquish my claim
on mongo-c-driver so they are all
Hi,
On Mon, Mar 31, 2025 at 07:39:55PM +0200, Sylvain Beucler wrote:
> Hi,
>
> On 31/03/2025 16:56, Adrian Bunk wrote:
> > On Mon, Mar 31, 2025 at 04:42:59PM +0200, Sylvain Beucler wrote:
> > > ...
> > > Do we want to update data/embedded-code-copies to reference
> > > libbson-xs-perl?
> > >
>
Hi,
On Mon, Mar 31, 2025 at 04:58:25PM +0300, Adrian Bunk wrote:
> Hi,
>
> mongo-c-driver was added to *la-needed.txt yesterday, and someone
> already claimed it to fix the 4 bson CVEs (and a non-bson CVE) in
> bullseye and buster.
>
I have already been in coordination w/ Salvatore about this
Hi,
On 31/03/2025 16:56, Adrian Bunk wrote:
On Mon, Mar 31, 2025 at 04:42:59PM +0200, Sylvain Beucler wrote:
...
Do we want to update data/embedded-code-copies to reference libbson-xs-perl?
e.g.
diff --git a/data/embedded-code-copies b/data/embedded-code-copies
index 19611b261b..77696af1af 100
Roberto C. Sánchez wrote:
> Can you confirm that it's OK for me to go ahead and take over your
> claims on mongo-c-driver?
Yes, absolutely; please go ahead and claim.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org 🍥 chris-lamb.co.uk
`-
On Mon, Mar 31, 2025 at 04:42:59PM +0200, Sylvain Beucler wrote:
>...
> Do we want to update data/embedded-code-copies to reference libbson-xs-perl?
>
> e.g.
> diff --git a/data/embedded-code-copies b/data/embedded-code-copies
> index 19611b261b..77696af1af 100644
> --- a/data/embedded-code-copies
On Mon, Mar 31, 2025 at 04:42:59PM +0200, Sylvain Beucler wrote:
>
> Do we want to update data/embedded-code-copies to reference libbson-xs-perl?
>
> e.g.
> diff --git a/data/embedded-code-copies b/data/embedded-code-copies
> index 19611b261b..77696af1af 100644
> --- a/data/embedded-code-copies
>
Hi,
On 31/03/2025 16:25, Roberto C. Sánchez wrote:
On Mon, Mar 31, 2025 at 04:58:25PM +0300, Adrian Bunk wrote:
Copies of the bson code are also in the (E)LTS supported packages
libbson/stretch and libbson-xs-perl/bullseye.
I am aware of libson/stretch but not of libbson-xs-perl/bullseye. I
c
On Mon, Mar 31, 2025 at 10:25:54AM -0400, Roberto C. Sánchez wrote:
>
> one who developed the patch to this specific CVE).
>
By "this specific CVE" I refer to the most recent CVE (CVE-2025-0755),
but I plan to take care of the other no-dsa CVEs along the way.
Regards,
-Roberto
--
Roberto C. Sá
Hi,
mongo-c-driver was added to *la-needed.txt yesterday, and someone
already claimed it to fix the 4 bson CVEs (and a non-bson CVE) in
bullseye and buster.
Copies of the bson code are also in the (E)LTS supported packages
libbson/stretch and libbson-xs-perl/bullseye.
Front Desk / Security Te
11 matches
Mail list logo
