Hi Salvatore, On Thu, Aug 07, 2025 at 07:05:15AM +0200, Salvatore Bonaccorso wrote: > > Ok then we are on the same page, I will mark it sas such in the > security-tracker.
thanks, > > > If so the changes should go (after the trixie release > > > this weekend) to the first trixie point release and as well to the > > > next bookworm point release. > > > > > > But happy to hear your opinion. > > > > What are the prerequisites? I mean if we upload the new package > > to SID, then is there any chance to migrate that into Trixie? Do > > we have enough time? > > > > Or should we add a patch to current Testing package? > > Not anymore or very unlikely. Less if you upload a new upstream > version rather with targetd fixes. But we are literally only two days > away from the trixie release, release team now only accepts critical > fixes for the release in. what is considered critical? This has a CVE with score 6.9. > My (personal) suggestion would still be: make a 2.9.11-2 upload with > targeted fixes ASAP, we might then still ask release team to accept > the targeted fix (but we should not waste their time OTOH). Then make > for trixie's first point release either a 2.9.11-1+deb13u1 or in this > case since you have from the upper suite a targeted fix > 2.9.11-2~deb13u1. > > If that all happens still today there might be a little chance, if you > need more time then just upload 2.9.12-1 to unstable (after saturday). > > Does this helps? probably yes. I'll try to prepare the patch for 2.9.11 to upload 2.9.11-2. Thanks, a.
