StarlingX

  1. Bug #1986486
  2. Comment #2

Comment 2 for bug 1986486

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/853083
Committed: https://opendev.org/starlingx/tools/commit/db307f0084483806b9ba37c23b665f7b270984cd
Submitter: "Zuul (22348)"
Branch: master

commit db307f0084483806b9ba37c23b665f7b270984cd
Author: Wentao Zhang <email address hidden>
Date: Mon Aug 15 10:40:17 2022 +0800

    Debian: dpkg:fix CVE-2022-1664

    Upgrade dpkg, dpkg-dev, libdpkg-perl to the version that
    CVE-2022-1664 have been fixed:

    dpkg_1.20.9_amd64.deb to dpkg_1.20.10_amd64.deb
    dpkg-dev_1.20.9_all.deb to dpkg-dev_1.20.10_all.deb
    libdpkg-perl_1.20.9_all.deb to libdpkg-perl_1.20.10_all.deb

    (Refer to https://security-tracker.debian.org/tracker/CVE-2022-1664)

    This fix provides the URL of the package in base-bullseye.lst to
    make sure that the binary package can be downloaded no matter how
    the upstream changes.

    Closes-bug: 1986486
    Signed-off-by: Wentao Zhang<email address hidden>
    Change-Id: Ie4e70e4da36f015424712459c2905f51927e20cd