-
Security Vulnerability
-
Resolution: Fixed
-
Normal
-
None
-
None
-
many users
Currently, debian-sources is a static ebuild. I made this change because we were having problems with my overly complex autogen for debian-sources and want to lock the kernel to 5.18.
However, we now have https://security-tracker.debian.org/tracker/CVE-2022-3977
The fixed sid kernel is a 6.x kernel which we probably don't want to switch to. We probably want to move to the latest patched 5.18.x kernel for now, and ensure that this CVE is addressed in that kernel.
This would be a good time to re-implement the debian-sources autogen to be simpler. It became complicated due to having to query multiple debian repositories (debian has a very horrible organization for this) and then make decisions about what ebuilds to generate and mask. So it became really hard to maintain.
A simpler autogen that serves our needs for now should resolve this issue.