Control: tags -1 + confirmed On Wed, 2022-02-23 at 12:21 +0100, Moritz Schlarb wrote: > I kindly ask you to allow version 2.4.9.4 of the aforementioned > package to be included in proposed-updates to fix CVE-2021-39191 > and the regression mentioned in #891224#49ff. > > I would prefer to just be able to introduce this plainly as the > (smaller-than-patch) upstream release for simplicity. >
+libapache2-mod-auth-openidc (2.4.9.4-1+deb11u1) bullseye; urgency=medium + + * New upstream version 2.4.9.4 If you're importing a new upstream version, it's slightly more conventional to use 2.4.9.4-0+deb11u1, as you haven't based the upload on a previous 2.4.9.4-1. I wouldn't object hugely to the form you've used though. Please go ahead. Regards, Adam