openEuler 20.03 LTS SP1 Update 20210430 release已经测试完成。 请TC委员,Release委员,QA委员在issue内答复评审意见,欢迎广大开发者对本次发布发表意见,您的每条意见我们都会认真对待,并加以改进。 如果您发现了版本的致命问题请及时邮件通知我们,2021年5月15日结束发布流程。
版本目标:CVE修复 版本计划: 例行CVE冻结(本次为周例行版本):20210515 代码冻结: 20210512 转测试时间:20210514 版本发布: 20210515
本次更新主要涉及:golang、xstream等;
修复cve:25个
CVE清单:
CVE-2021-29425 次要 src-openEuler/apache-commons-io CVE-2021-3487 次要 src-openEuler/binutils CVE-2021-3487 次要 src-openEuler/binutils CVE-2021-27506 次要 src-openEuler/clamav CVE-2021-3448 不重要 src-openEuler/dnsmasq CVE-2021-29470 次要 src-openEuler/exiv2 CVE-2021-29457 主要 src-openEuler/exiv2 CVE-2021-29458 次要 src-openEuler/exiv2 CVE-2021-28650 次要 src-openEuler/gnome-autoar CVE-2021-27918 主要 src-openEuler/golang CVE-2021-28168 次要 src-openEuler/jersey CVE-2020-28493 次要 src-openEuler/python-jinja2 CVE-2020-28493 次要 src-openEuler/python-jinja2 CVE-2020-15169 次要 src-openEuler/rubygem-actionview CVE-2021-21349 主要 src-openEuler/xstream CVE-2021-21350 严重 src-openEuler/xstream CVE-2021-21348 主要 src-openEuler/xstream CVE-2021-21351 严重 src-openEuler/xstream CVE-2021-21341 主要 src-openEuler/xstream CVE-2021-21342 严重 src-openEuler/xstream CVE-2021-21343 主要 src-openEuler/xstream CVE-2021-21344 严重 src-openEuler/xstream CVE-2021-21345 严重 src-openEuler/xstream CVE-2021-21346 严重 src-openEuler/xstream CVE-2021-21347 严重 src-openEuler/xstream
From: guoxiaoqi Sent: Friday, May 14, 2021 9:34 AM To: Hufeng (Solar, Euler) solar.hu@huawei.com; liyongqiang (H) liyongqiang10@huawei.com; chenyaqiang chenyaqiang@huawei.com Cc: Yanxiaobing yanxiaobing@huawei.com; Jiangzhenhua (Ronnie, Kunpeng Computing) zhenhua.jiang@huawei.com; Liujingang (Bob) liujingang09@huawei.com; fanjiachen (A) fanjiachen3@huawei.com; Zhangtao (zhangtao, AX) zhangtao221@huawei.com; Miaokaibo (miao_kaibo) miaokaibo@huawei.com; wangchong (J) wangchong56@huawei.com; yaokai (G) yaokai13@huawei.com; Xuxiaosong xuxiaosong@huawei.com; xiasenlin xiasenlin1@huawei.com Subject: RE: 【20.03-LTS-SP1 512 update周版本】启动测试
新增依赖
软件包
类别
所属分支
接口变更
责任田
src-openEuler/apache-commons-io
CVE
SP1
不涉及
openEuler
src-openEuler/binutils
CVE
SP1
不涉及
基础服务
src-openEuler/dnsmasq
CVE
SP1
不涉及
网络组
src-openEuler/exiv2
CVE
SP1
不涉及
网络组
src-openEuler/gnome-autoar
CVE
SP1
不涉及
网络组
src-openEuler/golang
CVE
SP1
不涉及
容器组
src-openEuler/jersey
CVE
SP1
不涉及
openEuler
src-openEuler/python-jinja2
CVE
SP1
不涉及
基础服务
src-openEuler/rubygem-actionview
CVE
SP1
不涉及
openEuler
src-openEuler/velocity
CVE
SP1
不涉及
openEuler
src-openEuler/xstream
CVE
SP1
不涉及
openEuler
src-openEuler/mxparser
依赖
SP1
不涉及
openEuler
src-openEuler/xmlpull
依赖
SP1
不涉及
openEuler
From: guoxiaoqi Sent: Thursday, May 13, 2021 9:10 PM To: Hufeng (Solar, Euler) <solar.hu@huawei.commailto:solar.hu@huawei.com>; liyongqiang (H) <liyongqiang10@huawei.commailto:liyongqiang10@huawei.com>; chenyaqiang <chenyaqiang@huawei.commailto:chenyaqiang@huawei.com> Cc: Yanxiaobing <yanxiaobing@huawei.commailto:yanxiaobing@huawei.com>; Jiangzhenhua (Ronnie, Kunpeng Computing) <zhenhua.jiang@huawei.commailto:zhenhua.jiang@huawei.com>; Liujingang (Bob) <liujingang09@huawei.commailto:liujingang09@huawei.com>; fanjiachen (A) <fanjiachen3@huawei.commailto:fanjiachen3@huawei.com>; Zhangtao (zhangtao, AX) <zhangtao221@huawei.commailto:zhangtao221@huawei.com>; Miaokaibo (miao_kaibo) <miaokaibo@huawei.commailto:miaokaibo@huawei.com>; wangchong (J) <wangchong56@huawei.commailto:wangchong56@huawei.com>; yaokai (G) <yaokai13@huawei.commailto:yaokai13@huawei.com>; Xuxiaosong <xuxiaosong@huawei.commailto:xuxiaosong@huawei.com> Subject: RE: 【20.03-LTS-SP1 512 update周版本】启动测试
更新,xstream不涉及接口变更。thrift涉及变更,本次版本暂时不发布
软件包
类别
所属分支
接口变更
责任田
src-openEuler/apache-commons-io
CVE
SP1
不涉及
openEuler
src-openEuler/binutils
CVE
SP1
不涉及
基础服务
src-openEuler/dnsmasq
CVE
SP1
不涉及
网络组
src-openEuler/exiv2
CVE
SP1
不涉及
网络组
src-openEuler/gnome-autoar
CVE
SP1
不涉及
网络组
src-openEuler/golang
CVE
SP1
不涉及
容器组
src-openEuler/jersey
CVE
SP1
不涉及
openEuler
src-openEuler/python-jinja2
CVE
SP1
不涉及
基础服务
src-openEuler/rubygem-actionview
CVE
SP1
不涉及
openEuler
src-openEuler/velocity
CVE
SP1
不涉及
openEuler
src-openEuler/xstream
CVE
SP1
不涉及
openEuler
测试repo: SP1:http://121.36.84.172/repo.openeuler.org/openEuler-20.03-LTS-SP1/update_20210...
SP1 EPOL:http://121.36.84.172/repo.openeuler.org/openEuler-20.03-LTS-SP1/EPOL/update_...
请测试同时挂载发布源everything和update repo: SP1 everything: https://repo.openeuler.org/openEuler-20.03-LTS-SP1/everything/$basearch SP1 update: https://repo.openeuler.org/openEuler-20.03-LTS-SP1/update/$basearch
EPOL:https://repo.openeuler.org/openEuler-20.03-LTS-SP1/EPOL/$basearch EPOL update:https://repo.openeuler.org/openEuler-20.03-LTS-SP1/EPOL/update/$basearch
From: guoxiaoqi Sent: Thursday, May 13, 2021 3:39 PM To: Hufeng (Solar, Euler) <solar.hu@huawei.commailto:solar.hu@huawei.com>; liyongqiang (H) <liyongqiang10@huawei.commailto:liyongqiang10@huawei.com>; chenyaqiang <chenyaqiang@huawei.commailto:chenyaqiang@huawei.com> Cc: Yanxiaobing <yanxiaobing@huawei.commailto:yanxiaobing@huawei.com>; Jiangzhenhua (Ronnie, Kunpeng Computing) <zhenhua.jiang@huawei.commailto:zhenhua.jiang@huawei.com>; Liujingang (Bob) <liujingang09@huawei.commailto:liujingang09@huawei.com>; guoxiaoqi <guoxiaoqi2@huawei.commailto:guoxiaoqi2@huawei.com>; fanjiachen (A) <fanjiachen3@huawei.commailto:fanjiachen3@huawei.com>; Zhangtao (zhangtao, AX) <zhangtao221@huawei.commailto:zhangtao221@huawei.com>; Miaokaibo (miao_kaibo) <miaokaibo@huawei.commailto:miaokaibo@huawei.com>; wangchong (J) <wangchong56@huawei.commailto:wangchong56@huawei.com>; yaokai (G) <yaokai13@huawei.commailto:yaokai13@huawei.com>; Xuxiaosong <xuxiaosong@huawei.commailto:xuxiaosong@huawei.com> Subject: 【20.03-LTS-SP1 512 update周版本】启动测试
请启动openEuler-20.03-LTS-SP1 2021年512 周版本测试
软件包
类别
所属分支
接口变更
责任田
src-openEuler/apache-commons-io
CVE
SP1
不涉及
openEuler
src-openEuler/binutils
CVE
SP1
不涉及
基础服务
src-openEuler/dnsmasq
CVE
SP1
不涉及
网络组
src-openEuler/exiv2
CVE
SP1
不涉及
网络组
src-openEuler/gnome-autoar
CVE
SP1
不涉及
网络组
src-openEuler/golang
CVE
SP1
不涉及
容器组
src-openEuler/jersey
CVE
SP1
不涉及
openEuler
src-openEuler/python-jinja2
CVE
SP1
不涉及
基础服务
src-openEuler/rubygem-actionview
CVE
SP1
不涉及
openEuler
src-openEuler/velocity
CVE
SP1
不涉及
openEuler
src-openEuler/xstream
CVE
SP1
涉及接口变更
openEuler
src-openEuler/thrift
CVE
SP1
不涉及
openEuler
测试repo: SP1:http://121.36.84.172/repo.openeuler.org/openEuler-20.03-LTS-SP1/update_20210...
SP1 EPOL:http://121.36.84.172/repo.openeuler.org/openEuler-20.03-LTS-SP1/EPOL/update_...
请测试同时挂载发布源everything和update repo: SP1 everything: https://repo.openeuler.org/openEuler-20.03-LTS-SP1/everything/$basearch SP1 update: https://repo.openeuler.org/openEuler-20.03-LTS-SP1/update/$basearch
EPOL:https://repo.openeuler.org/openEuler-20.03-LTS-SP1/EPOL/$basearch EPOL update:https://repo.openeuler.org/openEuler-20.03-LTS-SP1/EPOL/update/$basearch