Hi Oxan, On Mon, Jul 05, 2021 at 06:03:10PM +0200, Oxan van Leeuwen wrote: > Hi, > > On 29-06-2021 07:41, Salvatore Bonaccorso wrote: > > The following vulnerability was published for postsrsd. > > > > CVE-2021-35525[0]: > > Thanks for the report, I've unfortunately missed this release. Do you want > to fix this through a DSA, or should I prepare&upload a stable (and > bullseye) update?
I think we can do the following action plan, let me know if you agree: The release btw is not yet fully missed, so I would suggest: upload a very targetted fix aimed for bullseye to unstable, ask the release team for unblocking and aging the package, so we make sure the fix lands in bullseye before the release. For buster, it looks to me that the issue is low severity enough that we can have an update via an upcoming point release. Do you concur? Regards, Salvatore
