HI Christian, N.B. not part of the release team.
On Mon, May 15, 2023 at 09:00:30PM +0200, Christian Kastner wrote: > Package: release.debian.org > Severity: normal > User: release.debian....@packages.debian.org > Usertags: unblock > X-Debbugs-Cc: libc...@packages.debian.org > Control: affects -1 + src:libcap2 > > Please unblock package libcap2 > > This fixes two minor CVEs for which the fix was published today. The fix > consists of cherry-picking two small patches from upstream. > > I'm erring on the side of caution here and asking for pre-approval, as > the issues this fixes were considered to be minor and I'm not sure > whether "CVE" by itself automatically satisfies the threshold for direct > upload. > > [ Reason ] > Fix for two security issues. > > [ Impact ] > Without this release, users will be left vulnerable to two minor issues. > > [ Tests ] > All upstream tests passed, including those requiring root (tested within > a VM). > > [ Risks ] > Little to none. The two patches are trivial. > > [ Checklist ] > [X] all changes are documented in the d/changelog > [X] I reviewed all changes and I approve them > [X] attach debdiff against the package in testing > > unblock libcap2/1:2.66-4 > diff -Nru libcap2-2.66/debian/changelog libcap2-2.66/debian/changelog > --- libcap2-2.66/debian/changelog 2022-12-21 21:19:49.000000000 +0100 > +++ libcap2-2.66/debian/changelog 2023-05-15 20:34:57.000000000 +0200 > @@ -1,3 +1,9 @@ > +libcap2 (1:2.66-4) unstable; urgency=medium > + > + * Apply upstream patches for CVE-2023-2602, CVE-2023-2603 > + > + -- Christian Kastner <c...@debian.org> Mon, 15 May 2023 20:34:57 +0200 We had I guess a small overlap in bugreporting, can you as well include bug closer for #1036114 in your upload? Regards, Salvatore