Am Thu, May 07, 2026 at 04:22:40PM +0700 schrieb Arnaud Rebillout:
> Hello Moritz,
>
> I intend to propose a similar upload for bookworm, so I was looking at your
> debdiff first.
Nice!
> May I ask: why not fixing CVE-2026-4786 as well? It is marked as fixed in
> the tracker, but it's only because it is introduced by the fix
> for CVE-2026-4519, which is not yet in trixie (it's in your debdiff here).
CVE-2026-4786 is only an issue if for CVE-2026-4519 is incompletely fixed,
but my patches for for CVE-2026-4519 contain the full fix compromised
of three upstream patches, so 3.13 was never affected by CVE-2026-4786
in trixie.
I'd suggest to simply do the same for 3.11.
Cheers,
Moritz
