Hi, On Sat, Apr 20, 2024 at 07:54:13AM -0400, P. J. McDermott wrote: > On 2024-04-19 at 15:55, Salvatore Bonaccorso wrote: > > Hi, > > > > FWIW, I'm actually preparing a security update for the two CVEs and > > for bookworm I was first planning to do a 590-2.1 reaching unstable, > > and so then 590-2.1~deb12u1 for bookworm. > > > > But if you want to override it with a NMU and proposing to salvage the > > package this is equally fine. > > Your DELAYED/2 NMU is probably the fastest and best way to get these > CVEs fixed in unstable and bookworm, so that's fine, thanks. Any plans > for 551-2 in bullseye? The two patches in your NMU apply cleanly there.
Yes, both bookworm-security and bullseye-security updates are already prepared and uploaded to security-master. I will wait for some exposure of less in unstable with the two fixes before releasing the DSA. I have not pushed the changes yet to the repository (will be done after the DSA release). I cannot comment on the salvaging of the package directly, as Milan has responded to the bug and even acked the NMU. So I assume he is active and you need to discuss with him on co-maintainership for less. But as I read the discussion is already happening. So stopping here to comment. Regards, Salvatore