Hello,
I'd like to ask you guys for an indication on a package upgrade.
I'd like to update dropbear for 42 and 41 (and possibly 40 still) following the upgrade on Rawhide, mostly to fix a recent CVE. But besides fixing the CVE it brings a few configuration / default changes, so I'm not sure if this would break the policies. Seeing the changes, they seem more than reasonable to me, but still. This would potentially also have to flow down to EPEL (with even bigger impact possibly).
The changes were not introduced with the latest version (that fixes the CVE) but with the one before (that's why I didn't upgrade before):
https://github.com/mkj/dropbear/releases/tag/DROPBEAR_2025.87 (see the ones marked with ">>").
Backporting the fix doesn't seem to be trivial.
Any guidance would be appreciated,
Thanks!
Federico