Am 12.07.23 um 11:31 schrieb Andrea Pappacoda:
On Mon, 12 Jun 2023 17:50:25 +0200 Bastian Germann <b...@debian.org> wrote:
> Hi Andrea,
>
> As there was no upload to unstable after the bookworm version, just
upload an unstable 0.11.4+ds-2 with the upstream
> patch (excluding or backporting the test) and mentioning the CVE in
the changelog. Then add a bookworm-security
> changelog entry and debdiff the resulting package to 0.11.4+ds-1. You
send the debdiff to the security team to operate on.
>
> See also
https://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security
Hi Bastian, sorry for not replying earlier but I did not receive your
email (it was sent to 1037100-submitter@bugs.d.o).
I've uploaded an updated version of cpp-httplib to Mentors, because of
soname changes (and a need to upload to NEW).
As for fixing the version in bookworm, I'll do it as soon as possible.
When you fix the unstable version via a patch and later upgrade to a new
upstream version there is almost no additional work. So please go that
route. Your new version still has an experimental 0.12 in the changelog
that was never uploaded.
Thanks for the continuous help!