Hello Luís, 4.5MB feels pretty unlikely for a security fix; the diffstat on that debdiff is all over the place:
$ diffstat spip_focal.debdiff /tmp/9oDFeUYni8/spip-3.2.15/plugins-dist/medias/lib/mejs/mediaelement-flash-audio-ogg.swf |binary /tmp/9oDFeUYni8/spip-3.2.15/plugins-dist/medias/lib/mejs/mediaelement-flash-audio.swf |binary /tmp/9oDFeUYni8/spip-3.2.15/plugins-dist/medias/lib/mejs/mediaelement-flash-video-hls.swf |binary /tmp/9oDFeUYni8/spip-3.2.15/plugins-dist/medias/lib/mejs/mediaelement-flash-video-mdash.swf |binary /tmp/9oDFeUYni8/spip-3.2.15/plugins-dist/medias/lib/mejs/mediaelement-flash-video.swf |binary spip-3.2.15/.gitignore | 129 spip-3.2.15/CHANGELOG.TXT | 318 + spip-3.2.15/config/ecran_securite.php | 23 ... Normally security fixes add patches to debian/patches/ directory, modify a debian/patches/series file, modifies the debian/changelog. It's very rare to modify files outside of this hierarchy (except for 'native packages', but those don't typically have version numbers this complex). Could you double-check that you've prepared the patches that you thought you prepared? Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971185 Title: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs