On Mon May 11, 2026 at 5:21 PM -03, Pieter Lenaerts wrote:
> On Sun May 10, 2026 at 10:01 PM CEST, Emmanuel Arias wrote:
>
> Hi Emmanuel,
> I'm CC'ing Jeroen as he has been giving me feedback on my beets update for
> unstable.
>
>> I can review them.
>
> Great, thanks in advance.
>
>> Just to confirm it, the patches to fix this CVE are:
>>
>> - fix-ubuntu-s390x
>
> This one was touched by gbp pq importing/exporting. Not related to the CVE.
>
>> - fix_xss_by_using_escaped_template_tags_in_web_ui
>> - add_unit_test_checking_unsafe_web_ui_input
>
> These two are the ones, indeed.
>
>> Also I recommend you use debian/trixie as the branch name.
>
> I've renamed the branch and I've prepared the updates for bullseye & bookworm
> too.
>
> Feedback welcome for these.
>
> Should I open stable update bugs for each release?
Yes, you can open a -pu bug.
I sent you some comments about the patches.
>
> My update for unstable is not ready yet. I still get issues from autopkgtest.
>
> @Jeroen, I did remediate all your comments though.
>
> Thanks for your time!
>
> Pieter
--
cheers,
Emmanuel Arias
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ [email protected]
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: 13796755BBC72BB8ABE2AEB5 FA9DEC5DE11C63F1
⠈⠳⣄