https://bugzilla.suse.com/show_bug.cgi?id=1193874 https://bugzilla.suse.com/show_bug.cgi?id=1193874#c5 --- Comment #5 from Luciano Santos <luc14n0@opensuse.org> --- (In reply to Atri Bhattacharya from comment #4)
(In reply to Luciano Santos from comment #2)
It seems this one felt through the cracks, so I've sent a request. I'd open a maintenance request (if help is welcomed in such cases) but I'm without a Linux box for now.
May be I am confused, but it seems the only thing your sr does is add the bug reference from b.o.o to a changelog entry. So, in reality, nothing actually fell through the cracks: the fix was submitted "May 6 19:31:33 UTC 2022", or am I missing something?
Hi Atri, yes, my SR only added this bug reference, so that the 1.5.23 Matio release could be forwarded to Leap 15.4 -- that's sitting on 1.5.21 --, and maybe even to Leap 15.3 -- 1.5.17 --, following the maintenance process [1]. I was even going to send the request myself, but the package maintainer took more than a month to accept my request and for a while I'm going to be without a Linux box until it gets fixed. Then, yeah, the fix reached Tumbleweed, but not Leap yet, as far as my digging skills can tell. That's what I'm referring to "falling through the cracks" here. Note that I don't have any particular interest to Matio or Leap. I saw this CVE bug without the bots screaming the usual "An update was released that references this bug ..." thing for Leap, while I was skimming through a series of bugs and got curious to know why. Saw this particular CVE being mentioned in the 1.5.23 Matio changes entry and decided to lend a hand, even though I'm not sure how *security updates* (VUL bugs) are handled for Leap, in details. [1] https://en.opensuse.org/openSUSE:Maintenance_update_process#Write_a_meaningf... -- You are receiving this mail because: You are on the CC list for the bug.