Hi, I have prepared a new Debian revision for the package on unstable, containing the fix for the vulnerability. I uploaded it to mentors [1], as I have no uploading rights to the archive, and opened an RFS [2].
Should I wait until the bug is closed on unstable before I prepare a revision to stable? Debian Developer's Reference says so [3], but I was not sure whether it was valid to security fixes too. [1] https://mentors.debian.net/debian/pool/main/p/pngcheck/pngcheck_2.3.0-13.dsc [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976371 [3] https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#special-case-uploads-to-the-stable-and-oldstable-distributions Regards, Polverari
