Hi,

I'm planning to fix [CVE-2025-27795] and [CVE-2025-27796] for Debian LTS (disclaimer: it's a pro-bono upload as part of onboarding in Freexian's LTS team) and I saw they also affect bookworm. Therefore I'd be more than happy to help fix them in our current stable release.

So my first questions go to the maintainer: do you plan to work on these fixes, or are you already working on them? If not, would you like to be part of the effort (like reviewing the proposed changes, helping to test and so on)?

The other questions go to the security team: I saw it's not marked as no-dsa, but it's also not in the dsa-needed file, so if I prepare a fix for bookworm, should it go via security update or proposed updates? Are you already working on a fix or planning to do so? How should we coordinate this effort?

Cheers,
Charles

[CVE-2025-27795]: https://security-tracker.debian.org/tracker/CVE-2025-27795
[CVE-2025-27796]: https://security-tracker.debian.org/tracker/CVE-2025-27796