Hi Utkarsh,
On Wed, Jan 11, 2023 at 07:14:42PM +0530, Utkarsh Gupta wrote:
> Package: release.debian.org
> User: release.debian@packages.debian.org
> Tags: bullseye
> Severity: normal
>
> Hello,
>
> src:tomcat9 has been affected by debbug #1020948 which was fixed in
> sid and thus would want to backport the fix to bullseye in the next
> point release.
>
> It was noticed that the tomcat-locate-java.sh script which seems to be
> in charge of identifying the Java version to use doesn't have version
> 17 listed. This is a trivial (and thus a low regression) fix.
>
> Debdiff is duly attached. Let me know if you any more information. TIA! \o/
Only a suggestion, given your LTS team involvement with security
updates: If you have enough spare time, there are two CVEs as well,
which would would not warrant an immediate DSA, marked
no-dsa/postponed, which could be included in a bullseye-pu update?
https://security-tracker.debian.org/tracker/CVE-2022-42252
https://security-tracker.debian.org/tracker/CVE-2022-45143
Regards,
Salvatore