-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 control: tag -1 security On Thu, 2021-05-20 at 15:25 +0200, Yves-Alexis Perez wrote: > Package: release.debian.org > Severity: normal > Tags: buster > User: release.debian....@packages.debian.org > Usertags: pu > X-Debbugs-Cc: xfce-de...@lists.debian.org > > Hi release team > > this is a pre-approval request for updating Thunar in stable, from 1.8.4 > to 1.8.17. > > The context is the recently found vulnerability CVE-2021-32563 > (#988394), which has been fixed in 1.8.17. > > With my security team hat on, I don't think it really desserves a DSA > with an isolated fix, but (with my Xfce maintainer hat on) I think it > would make sense to fix it in a point update, along with the various > bugfixes and translation updates that Thunar had since the freeze. > > I've not yet done the packaging work (so I don't mess my local > repository) but the diff between the two upstream tags is attached. > > Hi, this is a friendly ping on the above. I guess it might be too late for the next point release already, but just in case.
Regards, - -- Yves-Alexis -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmC9xc8ACgkQ3rYcyPpX RFvodwgA0raOxb8+cPln5tiGDmUaCHaRiMuu7PwOQnOePZzkv7vWjGTCPsXflVVo MEReD7BSdv5eCdX8RoBL0J/mf2AoNjmdPgcOoTyCRwn8TImiILoF+0HW1qsXBBxA kib6+l7CP2VQiRIj1y9tIMB2P+RpMI/Fz0i8+N6d5Puse7HleffsNYHIZPftQoEv gNDpwLuYCAgDlcDC5oRkOFUplX2R1TlBZzA/V4HW/L5UxcJkK8HcXnl0+VVVnY9V k9cv5+mOQbFbEgACirNeEs9WHWgRLAy6cGyyAUa5AZhphBWqihgUx3Co+Agsb7nn 4jtzG53XRlzPrNlnN/Cmx0fq5iCt7Q== =IG1+ -----END PGP SIGNATURE-----
