Hi Sandro, On Sun, Sep 12, 2021 at 06:33:57PM +0200, Sandro Knauß wrote: > Hey, > > > > What about Buster? Is 2.5 also affected? > > > > > > yes 2.5 is also affected. At least the source files look the same. > > > > Ack, can you also prepare an update for buster-security, please? > > I have here a proposed debdiff. I added a third patch, so users have the > possiblility to accept invalid certs otherwise they would fail silently. At > least for me this sounds like not a proper solution.
Deferring a reply for this one to Moritz. > * Do I need to upload also with sources? How can I check this myself? Whenever you do a first upload to security-master where the source would not have been present yet, then yes the orig source needs to be included. For nextcloud-desktop +deb10u1 was via a buster point release, so it would be correct to build with -sa. Note that yu want to change the target distribution to buster-security in: > +nextcloud-desktop (2.5.1-3+deb10u2) buster; urgency=high Regards, Salvatore