Hi Andrea,

On Sun, May 21, 2023 at 12:37:17PM +0200, Andrea Bolognani wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian....@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: libv...@packages.debian.org
> Control: affects -1 + src:libvirt
>
> Please unblock package libvirt
>
>
> [ Reason ]
>
> Fix CVE-2023-2700.
>
>
> [ Impact ]
>
> Fix CVE-2023-2700.
>
>
> [ Tests ]
>
> I haven't found tests covering this specific functionality. However,
> the change is part of libvirt 9.3.0, which is already in Debian
> experimental as well as other distributions such as Fedora, and to
> the best of my knowledge no issues with it have been reported.
>
>
> [ Risks ]
>
> The change has already been reviewed and accepted upstream. The
> function being patched hasn't changed between 9.0.0 and 9.3.0, so the
> backport was a clean one. I have reviewed the changes again in the
> context of the Debian package.
>
>
> [ Checklist ]
>
> [x] all changes are documented in the d/changelog
> [x] I reviewed all changes and I approve them
> [x] attach debdiff against the package in testing
>
>
> [ Other info ]
>
> N/A
>
>
> unblock libvirt/9.0.0-4

I think in this case you can take advantage of
https://release.debian.org/testing/freeze_policy.html#full in
"Applying for an unblock", item 5: as the diff is very small and
targeted to add the missing g_free, you could upload already to
unstable to avoid the additional roundtrip (in particular as the hard
deadlines are approaching).

Hope this helps,

Regards,
Salvatore