From b22fe9cbf77ba2438b2f3a9383f87dffa4eaf335 Mon Sep 17 00:00:00 2001 From: Peng Zhang Date: Mon, 28 Apr 2025 14:07:00 +0000 Subject: [PATCH] Remove wheel binary package from list To the wheel binary of Debian bullseye, there is no release to fix this issue. So the binary package in base-bullseye.lst need be removed, add source package and backport the fix to Bullseye to fulfill security obligations. CVE-2022-40898: https://nvd.nist.gov/vuln/detail/CVE-2022-40898 Reference: https://github.com/pypa/wheel/commit/88f02bc335d5404991e532e7f3b0fc80437bf4e0 https://security-tracker.debian.org/tracker/CVE-2022-40898 TestPlan: PASS: downloader; build-pkgs PASS: build-image PASS: install on SX-lab Depends-On: https://review.opendev.org/c/starlingx/integ/+/948326 Closes-Bug: 2108013 Change-Id: Icb32915c958249ee85c5852cdbb3e3e36ac4e575 Signed-off-by: Peng Zhang --- debian-mirror-tools/config/debian/common/base-bullseye.lst | 1 - 1 file changed, 1 deletion(-) diff --git a/debian-mirror-tools/config/debian/common/base-bullseye.lst b/debian-mirror-tools/config/debian/common/base-bullseye.lst index be5e66e2a..0e3cdc243 100644 --- a/debian-mirror-tools/config/debian/common/base-bullseye.lst +++ b/debian-mirror-tools/config/debian/common/base-bullseye.lst @@ -1159,7 +1159,6 @@ python3-websocket 0.57.0-1 python3-websockify 0.9.0+dfsg1-3 python3-webtest 2.0.35-1 python3-werkzeug 1.0.1+dfsg1-2+deb11u2 https://snapshot.debian.org/archive/debian-security/20250221T142307Z/pool/updates/main/p/python-werkzeug/python3-werkzeug_1.0.1%2Bdfsg1-2%2Bdeb11u2_all.deb -python3-wheel 0.34.2-1 python3-wrapt 1.12.1-4+b1 python3-xmlschema 1.4.2-1 python3-xstatic 1.0.0-7
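Review bot: The deletion of `python3-wheel 0.34.2-1` in the hunk at line 1159 of base-bullseye.lst leaves this list with no python3-wheel entry, and nothing in this diff supplies a replacement. The patched package comes only from the Depends-On change in starlingx/integ, so this change must not merge before that one, or anything that still needs python3-wheel has no source for it. Unlike the neighbouring python3-werkzeug line, which pins a fixed binary through a snapshot.debian.org URL, there is no version visible here for a reader to audit. Please name the source-built package version that carries the CVE-2022-40898 backport in the commit message. The test plan covers downloader, build-pkgs, build-image and install, but does not say that the wheel version in the built image was checked. Consider adding a step confirming that the image contains the backported build and not 0.34.2-1.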