Package: lxc-templates Version: 3.0.4-3 Severity: serious File: /usr/share/lxc/templates/lxc-debian User: debian-de...@lists.debian.org Usertags: bullseye-security
With the release of Debian bullseye and later, security updates are provided in the bullseye-security suite instead of bullseye/updates. The lxc-debian script appears to write an apt sources.list that will not provide security updates for sources.list scripts created in order to cater to Debian bullseye images. I suggest that this script check the version of the Debian release in question using distro-info and then if the release is 11 or higher, then use $release-security otherwise use $release/updates as before. It is much better to use distro-info than to hard-code the release version numbers. It might even be a good idea to include the security suite information in distro-info itself and look it up from there. $ grep -A3 -B23 /updates /usr/share/lxc/templates/lxc-debian write_sourceslist() { local rootfs="$1"; shift local release="$1"; shift local arch="$1"; shift local prefix="deb" if [ -n "${arch}" ]; then prefix="deb [arch=${arch}]" fi if [ "$mainonly" = 1 ]; then non_main='' else non_main=' contrib non-free' fi cat >> "${rootfs}/etc/apt/sources.list" << EOF ${prefix} $MIRROR ${release} main${non_main} EOF if [ "$release" != "unstable" -a "$release" != "sid" ]; then cat >> "${rootfs}/etc/apt/sources.list" << EOF ${prefix} $SECURITY_MIRROR ${release}/updates main${non_main} EOF fi } -- bye, pabs https://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part