Package: debian-security-support
Version: 1:13+2025.01.30
Severity: normal
X-Debbugs-Cc: debian-lts@lists.debian.org

Hello there,

I would like to propose EOL'ing odoo in bullseye, because 14.0 has been
EOL'ed by upstream and the complexity of backporting patches seems to be
too high.

There is currently one CVE affecting odoo/bullseye: https://security-tracker.debian.org/tracker/CVE-2024-12368

Cheers,

-- Santiago

-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQR+lHTq7mkJOyB6t2Un3j1FEEiG7wUCZ9wxJwAKCRAn3j1FEEiG 70RgAQDKarQxaDMqApRwMAdcZ0aDx7nO3GvGYoX3dCfZXzUnWgEA+xyOef2dIy+c 2GxvOYlL0yk152id54UFjmJOulH9ZAs=
=WDtC
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Am Donnerstag, dem 20.03.2025 um 12:15 -0300 schrieb Santiago Ruano Rincón:

Package: debian-security-support
Version: 1:13+2025.01.30
Severity: normal
X-Debbugs-Cc: debian-lts@lists.debian.org

Hello there,

I would like to propose EOL'ing odoo in bullseye, because 14.0 has been EOL'ed by upstream and the complexity of backporting patches seems to be
too high.

There is currently one CVE affecting odoo/bullseye: https://security-tracker.debian.org/tracker/CVE-2024-12368

I was checking out oodo for LTS by the beginning of the month. I
couldn't determine the patch that supposedly fixed CVE-2024-12368. IIRC
there were multiple thousand commits between main releases. Based on my
own observation and FWIW, I would second that proposal.

Regards, Daniel

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

hi Santiago,

On Thu, Mar 20, 2025 at 12:15:51PM -0300, Santiago Ruano Rincón wrote:

I would like to propose EOL'ing odoo in bullseye, because 14.0 has been EOL'ed by upstream and the complexity of backporting patches seems to be
too high.

sounds good to me. Unless the security team objects, please simple commit
the change to the master branch and then cherry-pick that commit into the bullseye branch.

I'm happy to handle the upload to unstable and would appreciate someone
else, eg you, uploading to bullseye.

Thanks!


--
cheers,
Holger

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄

Don’t believe everything you think.

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmfcUCgACgkQCRq4Vgaa qhyqQBAAoKnF8DITG4w1nkVJtBUlGvFAgzbX3LMPX1dEUMJURO6vIpxOPm/YK/gZ epSNGFD8rVeGDrNFW2CStkrRbJTDodXn5ZbiUHLQsFPrjNDz5XJ23egG6y4SQIcI 2pK407BUyAG41eTpnE/o0SJp2MZxD2cHrwoIf7q/bmDOhsFm+gZ7A88k+nXL1cOS 7CfetRMY3AqSi2+AQN6FxSr0swoluM/ExXe/68oTxEpV8UlrHC9YL8QK5CGWb/M/ vhpmSMr2hj/ighn+/4JQo8sjqxFixWARuLEbuWcjcJFapVV5euI4AUcmxFWBJ+n5 wleUV5M8PbG0bZ+JNDvaoQV29awgzAWZH+SBtS8ztDkEMGA+7mvwsNvte/8ZfEYK 3eAFR37itdNcJi7cuxUhKTOV9JcwuG7Yz4sG2dVSb45M2FQWvo/0suX5p6WTrNyM Ie8GLmV9kXR5K2D1C5oeZv4vgCVSjXuWTkel0VixwLbGUiuCgykPzacIRWLfi4qG kzxOyQ70232gPLLGZst2bg3Hxcp+XsJmntaElOxo8KMhFOKod4ZxBXtXfUbPSt9E Wk97jtSw7hDO4ytK/miq1VEB53L/YgHWQYng8RuwtxyBIngOKnWu0XmeQdI7gCKV
x/QTEmlnQ

On Thu, Mar 20, 2025 at 05:28:08PM +0000, Holger Levsen wrote:

hi Santiago,

On Thu, Mar 20, 2025 at 12:15:51PM -0300, Santiago Ruano Rinc�n wrote:

I would like to propose EOL'ing odoo in bullseye, because 14.0 has been EOL'ed by upstream and the complexity of backporting patches seems to be too high.

sounds good to me. Unless the security team objects, please simple commit
the change to the master branch and then cherry-pick that commit into the bullseye branch.

No objections, for LTS suite(s) it's entirely at the discretion of the
Debian LTS team.

Cheers,
Moritz

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)