On Sun, Jul 06, 2025 at 09:18:00PM +0200, Sebastian Ramacher wrote:
> On 2025-07-06 15:28:25 +0200, Salvatore Bonaccorso wrote:
> > ChangZhuo Chen, what is your take here? I see possibly two ways:
> > 
> > Convince release team that a version based on 1.8.0 + including the
> > security fix for CVE-2025-49014 and the FTBFS for i386 is fine, or
> > actually revert back to 1.7.1-6, and apply the fix for CVE-2025-48060
> > on top.
> 
> I think a targeted fix on top of 1.7.1 would be more appropriate. I
> don't expect all of " 190 files changed, 30175 insertions(+), 24688
> deletions(-)" is needed to fix CVE-2025-49104.

I agree with Sebastian. Let's aim for a targeted fix on top of 1.7.1.


-- 
ChangZhuo Chen (陳昌倬) czchen@{czchen,debian}.org
Key fingerprint = BA04 346D C2E1 FE63 C790  8793 CC65 B0CD EC27 5D5B
