Hi Andreas,

On Sun, Jun 11, 2023 at 10:16:22PM +0200, Andreas Henriksson wrote:
> Hello Salvatore,
>
> On Sun, Jun 11, 2023 at 05:12:57PM +0200, Salvatore Bonaccorso wrote:
> > Source: libeconf
> > Version: 0.5.1+dfsg1-1
> > Severity: important
> > Tags: security upstream
> > X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
> >
> > Hi,
> >
> > The following vulnerabilities were published for libeconf.
> [...]
>
> Thanks for notifying me about this. I've prepared libeconf 0.5.2
> packages in git and just uploaded towards unstable.
>
> IMHO I think uploading the same to stable would be fine (even though
> there's one "unrelated" change in new upstream version so maybe not
> strictly a security-only release), because libeconf has no reverse
> dependencies in the debian archive yet! The risk of regression should
> thus be almost non-existent.
>
> If by chance you have the SRM dance in muscle memory, please feel free
> to take over getting 0.5.2 into stable! It's been a while for me and
> honestly since libeconf is still unused it's very low prio for me.

I do agree that this is low enough that it might be fixed in a point
release and does not require a security-update but it is not
particularly urgent.

Thanks for having it fixed for unstable (and so towards trixie).

Regards,
Salvatore