Hi Roland,

On Sat, May 10, 2025 at 02:50:42PM +0200, Salvatore Bonaccorso wrote:
> Hi Roland,
>
> On Mon, May 05, 2025 at 08:15:42PM +0200, Roland Rosenfeld wrote:
> > Hi Salvatore!
> >
> > On Wed, 30 Apr 2025, Salvatore Bonaccorso wrote:
> >
> > > FWIW, the CVEs have been rejected in meanwhile as there is no real
> > > security impact. I think still it is worth you might upload your
> > > package for the upcoming point release, but please drop the CVE id
> > > mentionings.
> >
> > Okay, I renamed the patches to their names from sid/trixie and removed
> > the CVE references from the patches and from debian/changelog.
> >
> > An updated debdiff is attached.
> > The updated salsa pipeline is at
> > https://salsa.debian.org/debian/fig2dev/-/pipelines/861650
> >
> > Everything else didn't change since the initial bugreport.
> > A diff against the initial bug report can be found in
> > https://salsa.debian.org/debian/fig2dev/-/commit/792b63860a7e4bdc6199da9e049cc617512c44b9
>
> Thanks a lot. AFAICS you did not get an ack yet from release team, but
> if you are confident that it will be accepted as it is, you can take
> advantage of the improved workflow and upload as well the package
> already. I'm mentioning that since the window for uploading fixes for
> the next point release will close this weekend.

Too late for the next point release, but we can do the next one :)

FWIW, just from today the CVEs got assigned back after they got
dropped. I restored the tracking from security-tracker point of view
as:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7302ddf264401a63ade31814877256fe6a21861

Regards,
Salvatore

