Hello Salvatore,

On Sun, Jun 11, 2023 at 05:12:57PM +0200, Salvatore Bonaccorso wrote:
> Source: libeconf
> Version: 0.5.1+dfsg1-1
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
>
> Hi,
>
> The following vulnerabilities were published for libeconf.
[...]

Thanks for notifying me about this.

I've prepared libeconf 0.5.2 packages in git and just uploaded towards unstable.

IMHO I think uploading the same to stable would be fine (even though there's one "unrelated" change in new upstream version so maybe not strictly a security-only release), because libeconf has no reverse dependencies in the Debian archive yet! The risk of regression should thus be almost non-existent.

If by chance you have the SRM dance in muscle memory, please feel free to take over getting 0.5.2 into stable! It's been a while for me and honestly since libeconf is still unused it's very low prio for me.

Regards,
Andreas Henriksson