Hi David, On Fri, Dec 04, 2020 at 03:55:50AM -0500, David da Silva Polverari wrote: > Hi, > > I have prepared a new Debian revision for the package on unstable, > containing the fix for the vulnerability. I uploaded it to mentors [1], > as I have no uploading rights to the archive, and opened an RFS [2].
Thanks for the fix in unstable. > > Should I wait until the bug is closed on unstable before I prepare a > revision to stable? Debian Developer's Reference says so [3], but I was > not sure whether it was valid to security fixes too. For updates via a DSA this is not necessary, but obvioulsy it needs then still to be fixed in the uper suite. For this particular issue, we have marked the issue no-dsa, meaning the update does not warrant a DSA on it's own, but a fix in stable would still be appreciated (via a point release). Now that the fix is in unstable, can you prepare as well a corresponding fix for buster for the next point release happening? Regards, Salvatore
