Mark slurm-llnl as EOL for buster
Just not to forget. @beuc
-
MITRE says CVE-2022-29500 leads to information disclosure, but it's actually *->root privilege escalation
-
CVE-2022-29500 is lengthy and invasive, modifying internal API
-
Upstream removed release downloads prior v20, and recommends against backporting in their announcement
-
Contrary to the tracker's notes however, CVE-2022-29501's appears easy to backport for v18, yet we don't have reproducers for either CVE
-
Upstream was not cooperative for CVE-2019-19728
-
Code appears fragile given the past vulnerabilities such as 2 recent SQL injections
If the need arises, we could consider backporting the superseding slurm-wlm (not -llnl) package for buster.