El 13/09/24 a las 21:39, Moritz Mühlenhoff escribió: > Hi Santiago, Hi Moritz,
Thanks for your feedback. > > I am testing the attached debdiff on my bookworm machine. I can confirm > > the behaviour is the same as 3.11.2-6+deb12u2's with the proposed > > update. For convenience, I am also attaching a simple test script. > > > > The package successfully builds, but I see in the logs that a couple of > > test failed: test_distutils and test_tools. I am currently building > > 3.11.2-6+deb12u3 for being able to compare. > > > > Could you please take a look at it? > > > > Also should this be handled via a security update, or via a point > > release? > > The diff looks good to me, but this a marginal regression and I don't > believe it's warranted to release this via -security. ACK! > And in the mean time another low severity archive-related CVE appeared > (CVE-2024-6232), so it would be great if you could submit your diff > plus the cherrypicked fix for CVE-2024-6232 from the 3.11.x branch > for the next Bookworm point release? Sure. I'll handle that CVE too. Cheers, -- S
signature.asc
Description: PGP signature
