On Fri, 2023-06-02 at 18:54 -0400, Daniel Kahn Gillmor wrote:
> Uploading libreswan 4.19-1+deb12u1 should address #1035542 (aka
> CVE-2023-30570), which addresses a potential DoS against libreswan
> instances that use a certain IKEv1 configuration.
>
> Discussion with Salvatore Bonaccorso over in #1035542 concluded that
> using point releases for this should be sufficient.
>
fwiw, because you already uploaded this, it hit testing-proposed-updates, where it got autobuilt without any review from the Release Team (as the approval boundary there is tpu -> testing, rather than stable-new -> pu). Hopefully that shouldn't make any practical difference, I'm just mentioning it in case it was unexpected.

(It will also need a bit of handholding to get our tooling to recognise it properly once the release has happened, but it's not the only package in that situation.)

Regards,

Adam