Hi Andrea, On Thu, Aug 07, 2025 at 01:12:42AM +0200, Andrea Pappacoda wrote: > Hi! > > I have prepared an upload fixing three CVEs for the cpp-httplib package, > originally targeting unstable/testing/trixie. I was asked by the release > team to coordinate with you instead, and to perform a security update. > > You can find a full diff about the version in trixie and the update at > <https://salsa.debian.org/debian/cpp-httplib/-/compare/archive%2Fdebian%2F0.18.7-1...debian%2Ftrixie?from_project_id=65963>. > I've also attached a debdiff here. > > For some more context on the impact of the changes, please see the Cc'd bug > and the unblock bug #1110393. > > Let me know how to proceed! Bye :)
Yes that was a bit to narrow now before the trixie release, I can understand they did not want anymore to unblock. My suggestion would be: make first a unstable upload with the targeted fix (maybe after saturday, given trixie release is just around the corner and we should not cause mor work to the release team). Once that is in, we can decide if cpp-httplib requires a DSA or a point release is enough. Samewise then for bookworm. Regards, Salvatore
