Control: tags -1 + confirmed Apologies for the delay.
On Sat, 2019-12-21 at 22:13 +0100, Thomas Goirand wrote: > I'd like to update python-oslo.utils in Buster to address CVE-2019- > 3866. > It wasn't possible to apply directly the patch available here: > > https://review.opendev.org/692972 > > and I found too dangerous to skip the commits right before it, which > are related to this patch. So I just merged upstream branch > stable/rocky into the Debian package. However, looking closer to all > patches, either they are all related to the official patch, or are > cosmetic from the Debian perspective (ie: .gitreview, or upstream CI > related). > > Please find, attached to this bug, the debdiff for the udpate. > +python-oslo.utils (3.36.4+2019.11.15.git.c49a426b66-1+deb10u1) buster; urgency=medium I'd prefer -0+deb10u1 there, as there was (I presume) never a -1 upload to Debian. With that change, please go ahead. Regards, Adam
