Document openmpi embedding pmix and where switching to system library use

author: Salvatore Bonaccorso <carnil@debian.org> 2023-11-04 10:47:01 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2023-11-04 10:48:09 +0100
commit: dc3c1ab5332f6fd86de5393b2447a5bfc6901227 (patch)
tree: db6e22b8b70942821efef8efe3c0ef55761b8a53 /data
parent: d82092c750a212050856672eeba624d813a4fb6d (diff)
2 files changed, 5 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 81beb98437..9683c47855 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9048,7 +9048,6 @@ CVE-2023-41915 (OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attacke
 	- pmix 5.0.1-1 (bug #1051729)
 	NOTE: https://github.com/openpmix/openpmix/commit/da036933c2795c1f40d0835e15f17e204e4daf0f (v4.2.6)
 	NOTE: https://github.com/openpmix/openpmix/commit/0bf9801a3017eb6ca411e158da39570ccb998c17 (v5.0.1)
-	TODO: to be checked if affects the embedded copy for openmpi
 CVE-2023-4875 (Null pointer dereference when composing from a specially crafted draft ...)
 	{DSA-5494-1 DLA-3574-1}
 	- mutt 2.2.12-0.1 (bug #1051563)
diff --git a/data/embedded-code-copies b/data/embedded-code-copies
index af7c968ad4..20053a14e2 100644
--- a/data/embedded-code-copies
+++ b/data/embedded-code-copies
@@ -3767,3 +3767,8 @@ ruby-arel
 python-truststore
 	- python-pip <unfixable> (embed)
 	NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+pmix
+	- openmpi 4.1.0-5 (embed)
+	NOTE: Since 4.1.0-5 openmpi uses the system libary for src:pmix
+	NOTE: https://salsa.debian.org/hpc-team/openmpi/-/commit/f2734a47152742bcc909317e4373e70ecffcdb04
author	Salvatore Bonaccorso <carnil@debian.org>	2023-11-04 10:47:01 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2023-11-04 10:48:09 +0100
commit	dc3c1ab5332f6fd86de5393b2447a5bfc6901227 (patch)
tree	db6e22b8b70942821efef8efe3c0ef55761b8a53 /data
parent	d82092c750a212050856672eeba624d813a4fb6d (diff)