Bug 57370 - Package versions for orcania, ulfius and yder are lower in UCS 5.2 beta than 5.0-7
Status: NEW
Product: UCS
Classification: Unclassified
Component: General
UCS 5.2
Other Linux
P5 normal
UCS 5.2
Assigned To: UCS maintainers
Depends on: 49006
Reported: 2024-05-30 12:11 CEST by Arvid Requate
Modified: 2024-06-03 17:58 CEST
What kind of report is it?: Development Internal
Bug group (optional): Security
Description Arvid Requate univentionstaff 2024-05-30 12:11:10 CEST
The Debian source packages orcania, ulfius and yder are imported into UCS 5.0-x with a higher version than what is in UCS 5.1/5.2 (Debian-Bookworm):

arequate@omar:~$ repo_stat.py yder
Version 1.4.4-4 Rev 150997      Date 2019-12-15 10:06:27
        Release 5.0-0-0
Version 1.4.19-1        Rev 171286      Date 2024-01-24 20:13:56
        Release 5.1-0-0
Version 1.4.20-1        Rev 171057      Date 2023-11-11 22:00:32
        Release 5.0-0-0 Scope errata5.0-6
        Release 5.0-0-0 Scope fbest-oidc

arequate@omar:~$ repo_stat.py ulfius
Version 2.5.2-4 Rev 150157      Date 2019-12-15 07:52:58
        Release 5.0-0-0
Version 2.5.2-4+deb10u1 Rev 158851      Date 2021-12-09 13:58:48
        Release 5.0-0-0 Scope ucs5.0-1
Version 2.7.13-1        Rev 171287      Date 2024-01-24 20:17:52
        Release 5.1-0-0
Version 2.7.14-1        Rev 171054      Date 2023-11-11 19:11:47
        Release 5.0-0-0 Scope errata5.0-6
        Release 5.0-0-0 Scope fbest-oidc

arequate@omar:~$ repo_stat.py orcania
Version 1.2.9-5 Rev 143731      Date 2019-12-14 17:05:27
        Release 5.0-0-0
Version 2.3.2-1 Rev 171285      Date 2024-01-24 20:04:36
        Release 5.1-0-0
Version 2.3.3-1 Rev 171055      Date 2023-11-11 19:12:05
        Release 5.0-0-0 Scope errata5.0-6

We should check if we can switch to the Debian-Bookworm packages (possibly with a few required patches on top) to get them covered by Debian security updates.
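
The version regression described in this report can be checked mechanically. The following Python sketch is an added example, not part of the original report and not Univention's repo_stat.py: it parses the repo_stat.py output format shown above, compares versions with a re-implementation of dpkg's ordering rules, and lists every older release whose highest version is ahead of a newer release. The function names are assumptions made for this example.

```python
import re
from itertools import zip_longest

# Output of `repo_stat.py ulfius`, copied from the report above.
SAMPLE = """\
Version 2.5.2-4 Rev 150157      Date 2019-12-15 07:52:58
        Release 5.0-0-0
Version 2.5.2-4+deb10u1 Rev 158851      Date 2021-12-09 13:58:48
        Release 5.0-0-0 Scope ucs5.0-1
Version 2.7.13-1        Rev 171287      Date 2024-01-24 20:17:52
        Release 5.1-0-0
Version 2.7.14-1        Rev 171054      Date 2023-11-11 19:11:47
        Release 5.0-0-0 Scope errata5.0-6
        Release 5.0-0-0 Scope fbest-oidc
"""

def _order(c):
    # dpkg character order: '~' < end of run < letters < everything else
    return -1 if c == "~" else 0 if c == "" else ord(c) + (0 if c.isalpha() else 256)

def _cmp_part(a, b):
    # dpkg algorithm: compare alternating non-digit and digit runs.
    runs = lambda s: re.findall(r"(\D*)(\d*)", s)
    for (na, da), (nb, db) in zip_longest(runs(a), runs(b), fillvalue=("", "")):
        n = max(len(na), len(nb))
        ka = [_order(na[i:i + 1]) for i in range(n)] + [int(da or 0)]
        kb = [_order(nb[i:i + 1]) for i in range(n)] + [int(db or 0)]
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def deb_cmp(a, b):
    # Returns -1, 0 or 1 for [epoch:]upstream[-revision] version strings.
    def split(v):
        e, up, rev = re.fullmatch(r"(?:(\d+):)?(.+?)(?:-([^-]*))?", v).groups()
        return int(e or 0), up, rev or ""
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def regressions(text):
    best, ver = {}, None  # best: release tuple -> highest version seen
    for f in map(str.split, text.splitlines()):
        if f[:1] == ["Version"]:
            ver = f[1]
        elif f[:1] == ["Release"] and ver:
            rel = tuple(map(int, re.findall(r"\d+", f[1])))
            if rel not in best or deb_cmp(ver, best[rel]) > 0:
                best[rel] = ver
    return [(o, best[o], n, best[n]) for o in best for n in best
            if o < n and deb_cmp(best[o], best[n]) > 0]
```

Calling regressions(SAMPLE) returns a single entry: 2.7.14-1 in release 5.0-0-0 is ahead of 2.7.13-1 in release 5.1-0-0.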
Comment 2 Arvid Requate univentionstaff 2024-06-03 13:23:48 CEST
Maybe we can use apt pinning for this like we did for runc in commit 50165ebd9ec5f8c98ed109d89863259097f6f917
Comment 4 Arvid Requate univentionstaff 2024-06-03 17:58:37 CEST
* https://github.com/babelouest/orcania/commits/master/ shows this patch included in UCS but not yet in Bookworm:
  * https://github.com/babelouest/orcania/commit/313b81740babc54779e52df1444c8c29b89af0dc

* Likewise ulfius has https://github.com/babelouest/ulfius/commit/d4647aa09ec762599f39c586ed5f92a6175e16e2
  and 3-4 additional commits since 2.7.13

I propose picking up these patches to not go backwards with regards to fixed bugs. But we should be based on the
Bookworm packages to get notified in case something security related is discovered by Debian.