Hi James, On Tue, Sep 14, 2021 at 09:06:22PM -0400, James McCoy wrote: > On Sat, Sep 11, 2021 at 09:26:04AM +0200, Salvatore Bonaccorso wrote: > > The following vulnerability was published for vim. > > > > CVE-2021-3770[0]: > > | vim is vulnerable to Heap-based Buffer Overflow > > > > The fix is at [1] but needed a followup [2]. > > Does this need to go through bullseye-security or would a bullseye > upload suffice? I have a couple other fixes (#993766 and maybe #994209) > in the pipeline that would be good for bullseye, so I could group these > together.
IMHO it should be enough to route the update trough the upcoming point release(s) for bullseye and buster (would you as well prepare an update there for buster?) Currently both are planned, cf. https://lists.debian.org/debian-release/2021/09/msg00373.html Regards, Salvatore
