Hi, On Mon, Jan 24, 2022 at 11:36:11AM +0100, Nils Dagsson Moskopp wrote: > Salvatore Bonaccorso <car...@debian.org> writes: > > > close 1004223 5.4.1+repack-1 > > thanks > > Yes, the problem is fixed in later Minetest versions – as I said … > > However, the current version in Debian stable (bullseye) is 5.3.0. > > This means that the patch needs to be backported to protect users!
Yes. But we can have closes of a bug in multiple versions, and this way we properly track the metadata on the bug, indicating it is fixed in 5.4.1+repack-1. Another upload fixing it in bullseye and older still can close the bug with that apprropriate version. minetest is on the radar of the security-team and it's planned to have an update: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3db1fe1ab2c140906022a463cf18046ebbdd8aca#922f24d99bcbb71f467600d4a765aa2ac5ee31f5_31_31 Regards, Salvatore