On Sat, 29 Aug 2020 at 10:16:28 +0000, Mike Gabriel wrote: > here is a summary of what we discussed on IRC. > > * gnome-shell in stretch+buster reveal password length > * CVE-2020-17489/buster -> bach to <no-dsa> (fix via buster-pu) > * CVE-2020-17489/stretch -> back to "vulnerable" (fix via LTS in prep) > > @smcv: please let me know if you are ok with me uploading to buster-pu or if > you'd rather like to have a .debdiff.
Thanks for looking into this. If you wouldn't mind sending a debdiff to this bug (or a merge request to https://salsa.debian.org/gnome-team/gnome-shell/-/tree/debian/buster, your choice), it's probably best for someone from the GNOME team to have the opportunity to check it before uploading to buster-pu - there's no date planned for Debian 10.6 yet, so we're not on a tight schedule for -pu uploads. Thanks, smcv
