control -1 tags pending Hi again,
On Thu, 2022-08-11 at 23:52 +0200, Moritz Muehlenhoff wrote: > On Thu, Aug 11, 2022 at 11:08:49PM +0200, Evangelos Ribeiro Tzaras wrote: > > > > > If you fix the vulnerabilities please also make sure to include the > > > CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. > > > > ACK. > > Is there a specific format needed when referencing the CVE? > > Not really, just mention them in debian/changelog :-) alright, so the patches apply cleanly and d/changelog mentions the CVEs (and closes this bug). > In addition we'll keep security-tracker.debian.org updated when the upload > reaches unstable. > > Once the fix is in unstable (and if there are issues reported after a few > days) we can sort out an update for bullseye-security. Sounds good to me! I think bullseye-security would be great, because I'm certain it is also vulnerable (oldstable potentially too - haven't checked) -- Cheers, Evangelos PGP: B938 6554 B7DD 266B CB8E 29A9 90F0 C9B1 8A6B 4A19
signature.asc
Description: This is a digitally signed message part
