Hi Sergei,

Sorry for taking a while.
On 6/27/25 09:25, Sergei Golovan wrote:
> > Can you please check our FAQ [1] and try to answer the questions listed in the "new upstream" section? I'll note that erlang is a key package.
>
> Sorry, I was too brief in this bug report. Should've added more detail.
Thanks for your further comments. Can you still answer whether there's an upstream policy for a release like this one? Judging from the numbering, upstream considers this a fix release, but I'm guessing here. Do they have a policy (that you can link) for such releases?
> In my opinion, not only fixing CVE-2025-4748, but also at least changes in SSH are useful enough to be included in trixie. Fixes for crashes in the Erlang shell improve usability as well (though I never experienced them myself).
Sounds like we should do this, but knowing upstream's policy would make me more confident.
Paul