Comment # 5 on bug 1193874 from
(In reply to Atri Bhattacharya from comment #4)
> (In reply to Luciano Santos from comment #2)
> > It seems this one fell through the cracks, so I've sent a request. I'd open
> > a maintenance request (if help is welcomed in such cases) but I'm without a
> > Linux box for now.
> > 
> > 
> > [1] https://build.opensuse.org/request/show/1006296
> 
> Maybe I am confused, but it seems the only thing your sr does is add the
> bug reference from b.o.o to a changelog entry. So, in reality, nothing
> actually fell through the cracks: the fix was submitted "May  6 19:31:33 UTC
> 2022", or am I missing something?

Hi Atri, yes, my SR only added this bug reference, so that the 1.5.23 Matio
release could be forwarded to Leap 15.4 -- that's sitting on 1.5.21 --, and
maybe even to Leap 15.3 -- 1.5.17 --, following the maintenance process [1]. I
was even going to send the request myself, but the package maintainer took more
than a month to accept my request and for a while I'm going to be without a
Linux box until it gets fixed.

Then, yeah, the fix reached Tumbleweed, but not Leap yet, as far as my digging
skills can tell. That's what I'm referring to as "falling through the cracks"
here.

Note that I don't have any particular interest in Matio or Leap. I saw this CVE
bug without the bots screaming the usual "An update was released that
references this bug ..." thing for Leap, while I was skimming through a series
of bugs and got curious to know why. Saw this particular CVE being mentioned in
the 1.5.23 Matio changes entry and decided to lend a hand, even though I'm not
sure how *security updates* (VUL bugs) are handled for Leap, in detail.

[1]
https://en.opensuse.org/openSUSE:Maintenance_update_process#Write_a_meaningful_changelog-entry

